1,573 research outputs found
Obligations of trust for privacy and confidentiality in distributed transactions
Purpose – This paper aims to describe a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. The authors introduce the concept of the obligation of trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parties to dynamically exchange their privacy and authorization requirements and capabilities, which the authors term a notification of obligation (NoB), as well as their commitments to fulfilling each other's requirements, which the authors term signed acceptance of obligations (SAO). The authors seek to describe some applicability of these concepts and to show how they can be integrated into distributed authorization systems for stricter privacy and confidentiality control.
Design/methodology/approach – Existing access control and privacy protection systems are typically unilateral and provider-centric, in that the enterprise service provider assigns the access rights, makes the access control decisions, and determines the privacy policy. There is no negotiation between the client and the service provider about which access control or privacy policy to use. The authors adopt a symmetric, more user-centric approach to privacy protection and authorization, which treats the client and service provider as peers, in which both can stipulate their requirements and capabilities, and hence negotiate terms which are equally acceptable to both parties.
Findings – The authors demonstrate how the obligation of trust protocol can be used in a number of different scenarios to improve upon the mechanisms that are currently available today.
Practical implications – This approach will serve to increase trust in distributed transactions since each communicating party receives a difficult to repudiate digitally signed acceptance of obligations, in a standard language (XACML), which can be automatically enforced by their respective computing machinery.
Originality/value – The paper adds to current research in trust negotiation, privacy protection and authorization by combining all three together into one set of standardized protocols. Furthermore, by providing hard to repudiate signed acceptance of obligations messages, this strengthens the legal case of the injured party should a dispute arise
Semantic Privacy Policies for Service Description and Discovery in Service-Oriented Architecture
Privacy preservation in Service-Oriented Architecture (SOA) is an open problem. This paper focuses on the areas of service description and discovery. The problems in these areas are that currently it is not possible to describe how a service provider deals with information received from a service consumer as well as discover a service that satisfies the privacy preferences of a consumer. There is currently no framework which offers a solution that supports a rich description of privacy policies and their integration in the process of service discovery. Thus, the main goal of this paper is to propose a privacy preservation framework for the areas of service description and discovery in SOA. The framework enhances service description and discovery with the specification and intersection of privacy policies using a base and domain-specific privacy ontologies. Moreover, the framework extends SOA to include roles responsible for implementing a privacy registry as well as mediating the interactions between service consumers and providers and the privacy preservation component
Semantic Privacy Policies for Service Description and Discovery in Service-Oriented Architecture
Privacy can be defined as the right of an individual to have information about them accessed and used in conformity with what they consider acceptable. Privacy preservation in Service-Oriented Architecture (SOA) is an open problem. A solution for this problem must include features that support privacy preservation in each area of SOA. This thesis focuses on the areas of service description and discovery. The problems in these areas are that currently it is not possible to describe how a service provider deals with information received from a service consumer as well as discover a service that satisfies the privacy preferences of a consumer. Research has been carried out in these areas, but there is currently no framework which offers a solution that supports a rich description of privacy policies and their integration in the process of service discovery. Thus, the main goal of this thesis is to propose a privacy preservation framework for the areas of service description and discovery in SOA. The framework enhances service description and discovery with the specification and intersection of privacy policies using a base and domain-specific privacy ontologies. Moreover, the framework enhances these areas with an extension to basic SOA that includes roles responsible for implementing a privacy registry as well as mediating the interactions between service consumers and providers and the privacy preservation component. The framework is evaluated through a health care scenario as privacy preservation is an important issue in this domain
Machine-Readable Privacy Certificates for Services
Privacy-aware processing of personal data on the web of services requires
managing a number of issues arising both from the technical and the legal
domain. Several approaches have been proposed to matching privacy requirements
(on the clients side) and privacy guarantees (on the service provider side).
Still, the assurance of effective data protection (when possible) relies on
substantial human effort and exposes organizations to significant
(non-)compliance risks. In this paper we put forward the idea that a privacy
certification scheme producing and managing machine-readable artifacts in the
form of privacy certificates can play an important role towards the solution of
this problem. Digital privacy certificates represent the reasons why a privacy
property holds for a service and describe the privacy measures supporting it.
Also, privacy certificates can be used to automatically select services whose
certificates match the client policies (privacy requirements).
Our proposal relies on an evolution of the conceptual model developed in the
Assert4Soa project and on a certificate format specifically tailored to
represent privacy properties. To validate our approach, we present a worked-out
instance showing how privacy property Retention-based unlinkability can be
certified for a banking financial service.Comment: 20 pages, 6 figure
Bringing social reality to multiagent and service architectures : practical reductions for monitoring of deontic-logic and constitutive norms
As distributed systems grow in complexity, the interactions among individuals (agents,
services) of such systems become increasingly more complex and therefore more difficult to constrain and monitor. We propose to view such systems as socio-technical systems, in which organisational and institutional concepts, such as norms, can be applied to improve not only control on the components but also their autonomy by the definition of soft rather than hard constraints.
Norms can be described as rules that guide the behavior of individual agents pertaining to groups that abide to them, either by explicit or implicit support. The study of norms, and regulatory systems in general, in their many forms -e.g. social norms, conventions, laws, regulations- has been of interest since the beginning of philosophy, but has seen a lot of evolution during the 20th century due to the progress in the philosophy of language, especially concerning speech acts and deontic logic.
Although there is a myriad of definitions and related terminologies about the concept of norm, and as such there are many perspectives on how to analyse their impact, a common denominator is that norms constrain the behaviour of groups of agents in a way that each individual agent can build, with a fair degree of confidence, expectations on how each of their counterparts will behave in the situations that the norms are meant to cover. For example, on a road each driver expects everybody else to drive on only one side of the road (right or left, depending on the country). Therefore, normative contexts, usually wrapped in the form of institutions, are effective mechanisms to ensure the stability of a complex system such as an organisation, a society, or even of electronic systems. The latter has been an object of interest in the field of Artificial Intelligence, and it has been seen as a paradigm of coordination among electronic agents either in multi-agent systems or in service-oriented architectures.
In order to apply norms to electronic systems, research has come up with abstractions of normative systems. In some cases these abstractions are based on regimented systems with flexible definitions of the notion of norm, in order to include meanings of the concept with a coarse-grained level of logic formality such as conventions. Other approaches, on the other hand, propose the use of deontic logic for describing, from a more theoretical perspective, norm-governed interaction environments. In both cases, the purpose is to enable the monitoring and enforcement of norms on systems that include -although not limited to- electronic agents. In the present dissertation we will focus on the latter type, focusing on preserving the deontic aspect of norms.
Monitoring in norm-governed systems requires making agents aware of: 1) what their normative context is, i.e. which obligations, permissions and prohibitions are applicable to each of them and how they are updated and triggered; and 2) what their current normative status is, i.e. which norms are active, and in what instances they are being fullfilled or violated, in order words, what their social -institutional- reality is.
The current challenge is on designing systems that allow computational components to infer both the normative context and social reality in real-time, based on a theoretical formalism that makes such inferences sound and correct from a philosophical perspective. In the scope of multi-agent systems, many are the approaches proposed and implemented that full these requirements up to this date. However, the literature is still lacking a proposal that is suited to the current state-of-the-art in service-oriented architectures, more focused nowadays on automatically scalable, polyglot amalgams of lightweight services with extremely simple communication and coordination mechanisms- a trend that is being called “microservices”.
This dissertation tackles this issue, by 1) studying what properties we can infer from distributed systems that allow us to treat them as part of a socio-technical system, and 2) analysing which mechanisms we can provide to distributed systems so that they can properly act as socio-technical systems. The main product of the thesis is therefore a collection of computational elements required for formally grounded and real-time e¬fficient understanding and monitoring of normative contexts, more specially:
1. An ontology of events to properly model the inputs from the external world and convert them into brute facts or institutional events; 2. A lightweight language for norms, suitable for its use in distributed systems; 3. An especially tailored formalism for the detection of social reality, based on and reducible to deontic logic with support for constitutive norms; 4. A reduction of such formalism to production rule systems; and 5. One or more implementations of this reduction, proven to e¬fficiently work on several scenarios.
This document presents the related work, the rationale and the design/implementation of each one of these elements. By combining them, we are able to present novel, relevant work that enables the application of normative reasoning mechanisms in realworld systems in the form of a practical reasoner. Of special relevance is the fact that the work presented in this dissertation simplifies, while preserving formal soundness, theoretically complex forms of reasoning. Nonetheless, the use of production systems as the implementation-level materialisation of normative monitoring allows our work to be applied in any language and/or platform available, either in the form of rule engines, ECA rules or even if-then-else patterns.
The work presented has been tested and successfully used in a wide range of domains and actual applications. The thesis also describes how our mechanisms have been applied to practical use cases based on their integration into distributed eldercare management and to commercial games.Con el incremento en la complejidad de los sistemas distribuidos, las interacciones entre los individuos (agentes, servicios) de dichos sistemas se vuelven más y más complejas y, por ello, más difíciles de restringir y monitorizar. Proponemos ver a estos sistemas como sistemas socio-técnicos, en los que conceptos organizacionales e institucionales (como las normas) pueden aplicarse para mejorar no solo el control sobre los componentes sino también su autonomía mediante la definición de restricciones débiles (en vez de fuertes).
Las Normas se pueden describir como reglas que guían el comportamiento de agentes individuales que pertenecen a grupos que las siguen, ya sea con un apoyo explícito o implícito. El estudio de las normas y de los sistemas regulatorios en general y en sus formas diversas -normas sociales, convenciones, leyes, reglamentos- ha sido de interés para los eruditos desde los inicios de la filosofía, pero ha sufrido una evolución mayor durante el siglo 20 debido a los avances en filosofía del lenguaje, en especial los relacionados con los actos del habla -speech acts en inglés- y formas deónticas de la lógica modal.
Aunque hay una gran variedad de definiciones y terminología asociadas al concepto de norma, y por ello existen varios puntos de vista sobre como analizar su impacto, el denominador común es que las normas restringen el comportamiento de grupos de agentes de forma que cada agente individual puede construir, con un buen nivel de confianza, expectativas sobre cómo cada uno de los otros actores se comportará en las situaciones que las normas han de cubrir. Por ejemplo, en una carretera cada conductor espera que los demás conduzcan solo en un lado de la carretera (derecha o izquierda, dependiendo del país).
Por lo tanto, los contextos normativos, normalmente envueltos en la forma de instituciones, constituyen mecanismos efectivos para asegurar la estabilidad de un sistema complejo como una organización, una sociedad o incluso un sistema electrónico. Lo último ha sido objeto de estudio en el campo de la Inteligencia Artificial, y se ha visto como paradigma de coordinación entre agentes electrónicos, tanto en sistemas multiagentes como en arquitecturas orientadas a servicios.
Para aplicar normas en sistemas electrónicos, los investigadores han creado abstracciones de sistemas normativos. En algunos casos estas abstracciones se basan en sistemas regimentados con definiciones flexibles del concepto de norma para poder influir algunos significados del concepto con un menor nivel de granularidad formal como es el caso de las convenciones. Otras aproximaciones proponen el uso de lógica deóntica para describir, desde un punto de vista más teórico, entornos de interacción gobernados por normas. En ambos casos el propósito es el permitir la monitorización y la aplicación de las normas en sistemas que incluyen -aunque no están limitados a- agentes electrónicos.
En el presente documento nos centraremos en el segundo tipo, teniendo cuidado en mantener el aspecto deóntico de las normas.
La monitorización en sistemas gobernados por normas requiere el hacer a los agentes conscientes de: 1) cual es su contexto normativo, es decir, que obligaciones permisos y prohibiciones se aplican a cada uno de ellos y cómo se actualizan y activan;
y 2) cual es su estado normativo actual, esto es, que normas están activas, y que instancias están siendo cumplidas o violadas, en definitiva, cual es su realidad social -o institucional-.
En la actualidad el reto consiste en diseñar sistemas que permiten inferir a componentes computacionales tanto el contexto normativo como la realidad social en tiempo real, basándose en un formalismo teórico que haga que dichas inferencias sean correctas y bien fundamentadas desde el punto de vista filosófico. En el ámbito de los sistemas multiagente existen muchas aproximaciones propuestas e implementadas que cubren estos requisitos. Sin embargo, esta literatura aun carece de una propuesta que sea adecuada para la tecnología de las arquitecturas orientadas a servicios, que están más centradas en amalgamas políglotas y escalables de servicios ligeros con mecanismos de coordinación y comunicación extremadamente simples, una tendencia moderna que lleva el nombre de microservicios.
Esta tesis aborda esta problemática 1) estudiando que propiedades podemos inferir de los sistemas distribuidos que nos permitan tratarlos como parte de un sistema sociotécnico, y 2) analizando que mecanismos podemos proporcionar a los sistemas distribuidos de forma que puedan actuar de forma correcta como sistemas socio-técnicos.
El producto principal de la tesis es, por tanto, una colección de elementos computacionales requeridos para la monitorización e interpretación e_cientes en tiempo real y con clara base formal. En concreto:
1. Una ontología de eventos para modelar adecuadamente las entradas del mundo exterior y convertirlas en hechos básicos o en eventos institucionales;
2. Un lenguaje de normas ligero y sencillo, adecuado para su uso en arquitecturas orientadas a servicios;
3. Un formalismo especialmente adaptado para la detección de la realidad social, basado en y reducible a lógica deóntica con soporte para normas constitutivas;
4. Una reducción de ese formalismo a sistemas de reglas de producción; y
5. Una o más implementaciones de esta reducción, de las que se ha probado que funcionan eficientemente en distintos escenarios.
Este documento presenta el estado del arte relacionado, la justificación y el diseño/implementación para cada uno de esos elementos. Al combinarlos, somos capaces de presentar trabajo novedoso y relevante que permite la aplicación de mecanismos de razonamiento normativo en sistemas del mundo real bajo la forma de un razonador práctico. De especial relevancia es el hecho de que el trabajo presentado en este documento simplifica formas complejas y teóricas de razonamiento preservando la correctitud formal. El uso de sistemas de reglas de producción como la materialización a nivel de implementación del monitoreo normativo permite que nuestro trabajo se pueda aplicar a cualquier lenguaje o plataforma disponible, ya sea en la forma de motores de reglas, reglas ECA o incluso patrones si-entonces.
El trabajo presentado ha sido probado y usado con éxito en un amplio rango de dominios y aplicaciones prácticas. La tesis describe como nuestros mecanismos se han aplicado a casos prácticos de uso basados en su integración en la gestión distribuida de pacientes de edad avanzada o en el sector de los videojuegos comerciales.Postprint (published version
Towards alignment of architectural domains in security policy specifications
Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI
- …