APOLLON: TOWARDS A SEMANTICALLY EXTENSIBLE POLICY FRAMEWORK

Julian Schütte

2011

Abstract

Pervasive systems with ad hoc connectivity and semantic service discovery are a challenging environment when it comes to dynamically managing access rights and security settings. Most policy frameworks come with a pre-defined policy model whose expressiveness usually cannot be extended and which is thus not adaptable to a high-level security model as it might be predetermined by a company or a specific application. To overcome these limitations, we designed Apollon, a policy framework featuring a modular policy model that can be extended or reduced as required by an application. In this paper, we present the software architecture of Apollon and show, using the example of a DRBAC model, how the expressiveness of Apollon can be successively extended.



Paper Citation


in Harvard Style

Schütte J. (2011). APOLLON: TOWARDS A SEMANTICALLY EXTENSIBLE POLICY FRAMEWORK. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 391-395. DOI: 10.5220/0003523603910395




in Bibtex Style

@conference{secrypt11,
author={Julian Schütte},
title={APOLLON: TOWARDS A SEMANTICALLY EXTENSIBLE POLICY FRAMEWORK},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={391-395},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003523603910395},
isbn={978-989-8425-71-3},
}




in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - APOLLON: TOWARDS A SEMANTICALLY EXTENSIBLE POLICY FRAMEWORK
SN - 978-989-8425-71-3
AU - Schütte J.
PY - 2011
SP - 391
EP - 395
DO - 10.5220/0003523603910395

