55,401 research outputs found
An Audit Logic for Accountability
We describe and implement a policy language. In our system, agents can
distribute data along with usage policies in a decentralized architecture. Our
language supports the specification of conditions and obligations, and also the
possibility to refine policies. In our framework, the compliance with usage
policies is not actively enforced. However, agents are accountable for their
actions, and may be audited by an authority requiring justifications.Comment: To appear in Proceedings of IEEE Policy 200
The Audit Logic: Policy Compliance in Distributed Systems
We present a distributed framework where agents can share data along with usage policies. We use an expressive policy language including conditions, obligations and delegation. Our framework also supports the possibility to refine policies. Policies are not enforced a-priori. Instead policy compliance is checked using an a-posteriri auditing approach. Policy compliance is shown by a (logical) proof that the authority can systematically check for validity. Tools for automatically checking and generating proofs are also part of the framework.\u
Conditions, constraints and contracts: on the use of annotations for policy modeling.
Organisational policies express constraints on generation and processing of resources. However, application domains rely on transformation processes, which are in principle orthogonal to policy specifications and domain rules and policies may evolve in a non-synchronised way. In previous papers, we have proposed annotations as a flexible way to model aspects of some policy, and showed how they could be used to impose constraints on domain configurations, how to derive application conditions on transformations, and how to annotate complex patterns. We extend the approach by: allowing domain model elements to be annotated with collections of elements, which can be collectively applied to individual resources or collections thereof; proposing an original construction to solve the problem of annotations remaining orphan , when annotated resources are consumed; introducing a notion of contract, by which a policy imposes additional pre-conditions and post-conditions on rules for deriving new resources. We discuss a concrete case study of linguistic resources, annotated with information on the licenses under which they can be used. The annotation framework allows forms of reasoning such as identifying conflicts among licenses, enforcing the presence of licenses, or ruling out some modifications of a licence configuration
An automated model-based test oracle for access control systems
In the context of XACML-based access control systems, an intensive testing
activity is among the most adopted means to assure that sensible information or
resources are correctly accessed. Unfortunately, it requires a huge effort for
manual inspection of results: thus automated verdict derivation is a key aspect
for improving the cost-effectiveness of testing. To this purpose, we introduce
XACMET, a novel approach for automated model-based oracle definition. XACMET
defines a typed graph, called the XAC-Graph, that models the XACML policy
evaluation. The expected verdict of a specific request execution can thus be
automatically derived by executing the corresponding path in such graph. Our
validation of the XACMET prototype implementation confirms the effectiveness of
the proposed approach.Comment: 7 page
Adaptive Electricity Scheduling in Microgrids
Microgrid (MG) is a promising component for future smart grid (SG)
deployment. The balance of supply and demand of electric energy is one of the
most important requirements of MG management. In this paper, we present a novel
framework for smart energy management based on the concept of
quality-of-service in electricity (QoSE). Specifically, the resident
electricity demand is classified into basic usage and quality usage. The basic
usage is always guaranteed by the MG, while the quality usage is controlled
based on the MG state. The microgrid control center (MGCC) aims to minimize the
MG operation cost and maintain the outage probability of quality usage, i.e.,
QoSE, below a target value, by scheduling electricity among renewable energy
resources, energy storage systems, and macrogrid. The problem is formulated as
a constrained stochastic programming problem. The Lyapunov optimization
technique is then applied to derive an adaptive electricity scheduling
algorithm by introducing the QoSE virtual queues and energy storage virtual
queues. The proposed algorithm is an online algorithm since it does not require
any statistics and future knowledge of the electricity supply, demand and price
processes. We derive several "hard" performance bounds for the proposed
algorithm, and evaluate its performance with trace-driven simulations. The
simulation results demonstrate the efficacy of the proposed electricity
scheduling algorithm.Comment: 12 pages, extended technical repor
GEM: a Distributed Goal Evaluation Algorithm for Trust Management
Trust management is an approach to access control in distributed systems
where access decisions are based on policy statements issued by multiple
principals and stored in a distributed manner. In trust management, the policy
statements of a principal can refer to other principals' statements; thus, the
process of evaluating an access request (i.e., a goal) consists of finding a
"chain" of policy statements that allows the access to the requested resource.
Most existing goal evaluation algorithms for trust management either rely on a
centralized evaluation strategy, which consists of collecting all the relevant
policy statements in a single location (and therefore they do not guarantee the
confidentiality of intensional policies), or do not detect the termination of
the computation (i.e., when all the answers of a goal are computed). In this
paper we present GEM, a distributed goal evaluation algorithm for trust
management systems that relies on function-free logic programming for the
specification of policy statements. GEM detects termination in a completely
distributed way without disclosing intensional policies, thereby preserving
their confidentiality. We demonstrate that the algorithm terminates and is
sound and complete with respect to the standard semantics for logic programs.Comment: To appear in Theory and Practice of Logic Programming (TPLP
- …