9,385 research outputs found
On the emergent Semantic Web and overlooked issues
The emergent Semantic Web, despite being in its infancy, has already received a lotof attention from academia and industry. This resulted in an abundance of prototype systems and discussion most of which are centred around the underlying infrastructure. However, when we critically review the work done to date we realise that there is little discussion with respect to the vision of the Semantic Web. In particular, there is an observed dearth of discussion on how to deliver knowledge sharing in an environment such as the Semantic Web in effective and efficient manners. There are a lot of overlooked issues, associated with agents and trust to hidden assumptions made with respect to knowledge representation and robust reasoning in a distributed environment. These issues could potentially hinder further development if not considered at the early stages of designing Semantic Web systems. In this perspectives paper, we aim to help engineers and practitioners of the Semantic Web by raising awareness of these issues
Nontransitive Policies Transpiled
Nontransitive Noninterference (NTNI) and Nontransitive Types (NTT) are a new security condition and enforcement for policies which, in contrast to Denning\u27s classical lattice model, assume no transitivity of the underlying flow relation. Nontransitive security policies are a natural fit for coarse-grained information-flow control where labels are specified at module rather than variable level of granularity.While the nontransitive and transitive policies pursue different goals and have different intuitions, this paper demonstrates that nontransitive noninterference can in fact be reduced to classical transitive noninterference. We develop a lattice encoding that establishes a precise relation between NTNI and classical noninterference. Our results make it possible to clearly position the new NTNI characterization with respect to the large body of work on noninterference. Further, we devise a lightweight program transformation that leverages standard flow-sensitive information-flow analyses to enforce nontransitive policies. We demonstrate several immediate benefits of our approach, both theoretical and practical. First, we improve the permissiveness over (while retaining the soundness of) the nonstandard NTT enforcement. Second, our results naturally generalize to a language with intermediate inputs and outputs. Finally, we demonstrate the practical benefits by utilizing state-of-the-art flow-sensitive tool JOANA to enforce nontransitive policies for Java programs
Directed Security Policies: A Stateful Network Implementation
Large systems are commonly internetworked. A security policy describes the
communication relationship between the networked entities. The security policy
defines rules, for example that A can connect to B, which results in a directed
graph. However, this policy is often implemented in the network, for example by
firewalls, such that A can establish a connection to B and all packets
belonging to established connections are allowed. This stateful implementation
is usually required for the network's functionality, but it introduces the
backflow from B to A, which might contradict the security policy. We derive
compliance criteria for a policy and its stateful implementation. In
particular, we provide a criterion to verify the lack of side effects in linear
time. Algorithms to automatically construct a stateful implementation of
security policy rules are presented, which narrows the gap between
formalization and real-world implementation. The solution scales to large
networks, which is confirmed by a large real-world case study. Its correctness
is guaranteed by the Isabelle/HOL theorem prover.Comment: In Proceedings ESSS 2014, arXiv:1405.055
US/UK Mental Models of Planning: The Relationship Between Plan Detail and Plan Quality
This paper presents the results of a research study applying a new cultural analysis method to capture commonalities and differences between US and UK mental models of operational planning. The results demonstrate the existence of fundamental differences between the way US and UK planners think about what it means to have a high quality plan. Specifically, the present study captures differences in how US and UK planners conceptualize plan quality. Explicit models of cultural differences in conceptions of plan quality are useful for establishing performance metrics for multinational planning teams. This paper discusses the prospects of enabling automatic evaluation of multinational team performance by combining recent advances in cultural modelling with enhanced ontology languages
A log mining approach for process monitoring in SCADA
SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow
Packet flow analysis in IP networks via abstract interpretation
Static analysis (aka offline analysis) of a model of an IP network is useful
for understanding, debugging, and verifying packet flow properties of the
network. There have been static analysis approaches proposed in the literature
for networks based on model checking as well as graph reachability. Abstract
interpretation is a method that has typically been applied to static analysis
of programs. We propose a new, abstract-interpretation based approach for
analysis of networks. We formalize our approach, mention its correctness
guarantee, and demonstrate its flexibility in addressing multiple
network-analysis problems that have been previously solved via tailor-made
approaches. Finally, we investigate an application of our analysis to a novel
problem -- inferring a high-level policy for the network -- which has been
addressed in the past only in the restricted single-router setting.Comment: 8 page
- âŠ