xacml based composition policies for ambient networks
play

XACML-Based Composition Policies for Ambient Networks Carlos - PowerPoint PPT Presentation

Aug 12, 2023 •246 likes •468 views

Policy 2007 13-15 June 2007 - Bologna, Italy XACML-Based Composition Policies for Ambient Networks Carlos Kamienski (cak@ufabc.edu.br) Joseane Fidalgo (joseane@gprt.ufpe.br) Ramide Dantas (ramide@gprt.ufpe.br) Djamel Sadok

  1. Policy 2007 13-15 June 2007 - Bologna, Italy XACML-Based Composition Policies for Ambient Networks Carlos Kamienski (cak@ufabc.edu.br) Joseane Fidalgo (joseane@gprt.ufpe.br) Ramide Dantas (ramide@gprt.ufpe.br) Djamel Sadok (jamel@cgprt.ufpe.br) Börje Ohlman (Borje.Ohlman@ericsson.com)

  2. Introduction Ambient Networks (AN): new challenges to the management discipline The key concept is network composition network composition , for allowing instant and dynamic access to services and resources Policies: adequate solution for providing Flexibility Distributed control Self-management Traditional management approaches not designed to deal with Internet services for mobile users 2

  3. Previous Experience Design and implementation of a AN1 AN1 P2P-based version of PBMAN ANI ANI User PEP User PEP PEP ACS ACS ACS ACS PEP ACS ACS User User ACS ACS PBMAN = Policy-based Management Framework for Ambient Networks User User User User ACS ANI ANI ACS ACS ACS PDN ACS PDN ACS PDN ACS PDN ACS ANI ANI Policies used for access control PEP PEP ACS ACS PEP PEP No policies for composition, which is PEP PEP ACS ACS ACS ACS the most important feature of AN ANI ANI Proof-of-concept prototype ANI ANI AN AN 2 2 implemented User User PDN ACS PDN ACS User PDN ACS PDN ACS User User User ACS ACS ACS ACS ACS ACS Important feedback for a new version of PBMAN 3

  4. Paper Proposal To provide a PBM solution for Ambient Networks (AN), focusing on AN composition Extension to the AN Architecture Expected contributions An architecture for PBM for AN, built upon the previous architecture, based on P2P Policies are first class citizens New composition framework for AN Modeling of a simple scenario Policies for AN composition are proposed Policies are written in XACML (extended) 4

  5. PBMAN Architecture Agent Layer Application Area Support Area Voice Video Security File QoS Mobility Sharing Policy Layer Policy Layer Storage Layer 5

  6. Networks and Nodes Policy Decision Network (PDN) Policy Layer Nodes (e.g. servers) interconnected by design P-Nodes: management and policy decision tasks Storage Network (STN) Storage Layer S-Nodes: repository-specific nodes Agent Network (AGN) Agent layer A-Nodes: hosts, devices,… (PEPs) Nodes are not necessarily physical entities 6

  7. Composition Framework Different network entities have different composition requirements PBMAN identifies different composition classes to obtain efficient design and implementation Composition Dimensions Role : Agent, Policy and Storage Compositions Scope : Network, Node and Startup Compositions Examples: Policy Network Composition, Agent Node Composition All of them controlled by policies 7

  8. Structured PDN P-Node A-Node A-Node Agent S-Node Agent P-Node Structured A-Node P-Node Agent A-Node PDN PDN ACS PDN ACS S-Node Agent S-Node P-Node A-Node Agent A-Node S-Node Agent A-Node A-Node Agent Agent 8

  9. Policy and Storage Composition PDN P-Node P-Node P-Node P-Node S-Node S-Node S-Node S-Node STN 9

  10. Policy Network Composition - Before P B2 P B2 P B1 P B1 P A2 P A2 P A1 P A1 PDN B PDN B PDN B PDN ACS PDN ACS PDN ACS - Single - Single - Single Single Single Single PDN PDN PDN PDN ACS PDN ACS PDN ACS B - B - B - PDN A PDN A PDN A PDN PDN PDN PDN ACS PDN ACS PDN ACS A - A - A - - Single - Single - Single Single Single Single PDN ACS PDN ACS PDN ACS P A3 P A3 P A4 P A4 P B4 P B4 P B3 P B3 10

  11. Policy Network Composition - After P AB1 P AB2 P A1 P B2 P A2 P B1 PDN ACS PDN ACS PDN A PDN A PDN ACS PDN ACS - Single - Single Single Single PDN PDN A - A - PDN ACS PDN ACS PDN B PDN B PDN PDN PDN ACS PDN ACS B - B - - Single - Single Single Single P A3 P A4 P B3 P B4 PDN AB PDN AB P AB3 Com posed Com posed P AB4 When networks get composed, policies of both networks are composed too 11

  12. Agent Node Composition A A A A Agent A A 1 Agent Network PDN ACS PDN ACS A Network PDN ACS PDN ACS A A A A P A 1 P A 1 P P PDN PDN ACS PDN ACS P P PDN PDN ACS PDN ACS User P User P A-Node Node Compositio Authentication n 12

  13. Scenario Modeling and Policies Core Network User Home ISP Video ISP Access Network (WiFi Hot Spot) 13

  14. Scenario: Characteristics Scenario comprised of two distinct phases Bootstrapping all networks Using services (network access and video) Compositions for bootstrap Node and Startup compositions (policy, storage and agent) Composition for service usage Network and Node compositions (policy and storage) Both involve the three layers of the architecture 14

  15. Transaction for Bootstrapping (Wi-Fi access service) 15

  16. Policies for Bootstrapping (XACML policies – simplified syntax) Policy P1; Priority : 1; Type : node-composition; Effect : Permit Target : resource=access-agent-network subject=any-node action=compose Condition : CA.agentNetUp(access-agent-network) Processing : CA.addAttribute (access-agent-network.ca-dynamic-nodes, $request.node) Obligation : n/a 16

  17. Policies for Bootstrapping Policy P2; Priority : 1; Type : node-composition; Effect : Permit Target : resource=access-agent-network subject=any-node action=compose Condition : ! CA.agentNetUp(access-agent-network) Processing : Composition. request (resource= access-agent-network; subject=$request-node; action= compose ; role= agent ; scope= startup ) Obligation : n/a 17

  18. Policies for Service Usage Policy P4; Priority : 0; Type : access-control; Effect : Permit Target : resource=any-service; subject=any-subject; action=start Condition : $request.an <> $CA.id && !CA.policyNetUp($request.an,$CA.id) Processing : Composition.request (resource=$request.an; subject=$CA.id; action= compose ; role= policy ; scope= network ) Processing : Service.request (resource=$request.service; subject=$request.subject; action=$request.action) Obligation : n/a 18

  19. Policies for Service Usage Policy P6; Priority: 2; Type: node-composition; Effect: Permit Target : resource=video-agent-network; subject=any-node; action=compose Condition : CA.agentNetUp(video-agent-network) && CA.isUser($request.node) && video-agent-network.current-users < video-agent-network. max-user Processing : CA.addAttribute(video-agent-network. ca-dynamic-users, $request-node) Processing : CA.addAttribute(video-agent-network. ca-current-users, 1) Obligation : n/a 19

  20. Current Status and Future Work Current Status Most specifications are done Prototype development is being finished (p2p storage) Evaluation will begin soon Transactions and policies have been rewritten Future Work Support for conflict resolution User-friendly PMT (under development) Add support for mobility and wireless users 20

  21. Conclusions PBMAN2: PBM framework for Ambient Networks Current concepts evolve from an early version PBMAN now uses XACML Simple scenario modeled and policies written Lessons learned (so far) Putting policies to work needs more effort than just writing policies Framework needed with the right “slots” for policies The problem is in the details Implementation needed to be down-to-earth Writing policies is not easy A good Policy Management Tool is needed 21

  22. Policy 2007 13-15 June 2007 - Bologna, Italy XACML-Based Composition Policies for Ambient Networks Thank You! This work was supported by the Research and Development This work was supported by the Research and Development Centre, Ericsson Telecomunica Telecomunicaç ções ões S.A., Brazil S.A., Brazil Centre, Ericsson

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Opportunistic Composition of Human- Opportunistic composition Computer Interactions in Ambient

Opportunistic Composition of Human- Opportunistic composition Computer Interactions in Ambient

Opportunistic Composition of Human- Opportunistic composition Computer Interactions in Ambient Spaces Ambient env. Our approach Plastic HCI Augustin Degas Requirements Ergonomic criteria Sylvie Trouilhet - Jean-Paul Arcangeli, IRIT

379 views • 21 slides
XACML and Role-Based Access Control Jason Crampton Royal Holloway, University of London DIMACS

XACML and Role-Based Access Control Jason Crampton Royal Holloway, University of London DIMACS

XACML and Role-Based Access Control Jason Crampton Royal Holloway, University of London DIMACS Workshop on Secure Web Services and e-Commerce XACML and RBAC/Introduction Jason Crampton Programme Examine the XACML standard and the XACML RBAC

499 views • 32 slides
Roundtable Discussion on Food Composition Database education/policies December 17-18, 2015

Roundtable Discussion on Food Composition Database education/policies December 17-18, 2015

Nutrition/ Agricultural food security/health/ Policies Roundtable Discussion on Food Composition Database education/policies December 17-18, 2015 Research Development of food composition database with good quality in ASEAN Food based

582 views • 6 slides
XACML-Grid and XACML-NRP Attributes and Policy Profiles and Policy Obligations Handling

XACML-Grid and XACML-NRP Attributes and Policy Profiles and Policy Obligations Handling

XACML-Grid and XACML-NRP Attributes and Policy Profiles and Policy Obligations Handling Overview by Yuri Demchenko On behalf of OSG/EGEE AuthZ Interoperability WG and Phosphorus project SNE Group, University of Amsterdam TF-EMC2 Meeting 3

633 views • 50 slides
XACML Function Annotations Prathima Rao Dan Lin Elisa Bertino IEEE POLICY 2007 Department of

XACML Function Annotations Prathima Rao Dan Lin Elisa Bertino IEEE POLICY 2007 Department of

Department of Computer Sciences XACML Function Annotations Prathima Rao Dan Lin Elisa Bertino IEEE POLICY 2007 Department of Computer Sciences XACML OASIS standard for specifying access control policies in enterprise systems. XML

341 views • 11 slides
Using XACML for access control in Social Networks Anna Carreras, Eva Rodrguez, Jaime Delgado

Using XACML for access control in Social Networks Anna Carreras, Eva Rodrguez, Jaime Delgado

Using XACML for access control in Social Networks Anna Carreras, Eva Rodrguez, Jaime Delgado Distributed Multimedia Applications Group (DMAG) Universitat Politcnica de Catalunya (UPC) W3C Workshop on Access Control Application Scenarios

712 views • 24 slides
? ? 2016 2010 This talk What it is about Password Composition Policies (PCP) Replication

? ? 2016 2010 This talk What it is about Password Composition Policies (PCP) Replication

A Second Look at Password Composition Policies in the Wild: Comparing Samples from 2010 and 2016 Peter Mayer, Jan Kirchner, Melanie Volkamer ? ? 2016 2010 This talk What it is about Password Composition Policies (PCP) Replication of

637 views • 29 slides
Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri

Using SAML and XACML for Complex Resource Provisioning in Grid based Applications Yuri Demchenko, Leon Gommans, Cees de Laat System and Network Engineering Group University of Amsterdam POLICY2007 Workshop 13-15 June 2007, Bologna Outline

532 views • 25 slides
XACML eXtensible Access Control Markup Language Dennis Kafura Derived from materials authored

XACML eXtensible Access Control Markup Language Dennis Kafura Derived from materials authored

XACML eXtensible Access Control Markup Language Dennis Kafura Derived from materials authored by: Hal Lockhart Entegrity Solutions and OASIS XACML Draft Standard CS 6204, Spring 2005 1 2 Dataflow Model From: OASIS XACML Specification

929 views • 16 slides
Extending XACML for Open Web-based Scenarios Claudio A. Ardagna 1 Sabrina De Capitani di Vimercati

Extending XACML for Open Web-based Scenarios Claudio A. Ardagna 1 Sabrina De Capitani di Vimercati

Extending XACML for Open Web-based Scenarios Claudio A. Ardagna 1 Sabrina De Capitani di Vimercati 1 Stefano Paraboschi 2 Eros Pedrini 1 Pierangela Samarati 1 Mario Verdicchio 2 (1) Universit` a degli Studi di Milano, (2) Universit` a degli Studi

202 views • 19 slides
An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said Daoudagh 1,2 , Francesca Lonetti 1 , Eda Marchetti 1 1 ISTI-CNR 2 University of Pisa Agenda Introduction Access Control Systems XACML policies

459 views • 31 slides
Agent-Based Information Sharing for Ambient Intelligence

Agent-Based Information Sharing for Ambient Intelligence

Agent-Based Information Sharing for Ambient Intelligence Andrei Olaru and Cristian Gratie AI-MAS Group, University Politehnica,

853 views • 53 slides
Agent-Based Information Sharing for Ambient Intelligence

Agent-Based Information Sharing for Ambient Intelligence

Agent-Based Information Sharing for Ambient Intelligence Andrei Olaru AI-MAS Group, University Politehnica Bucharest LIP6,

784 views • 43 slides
Optimal service selection policies for dynamic service composition Miroslav ivkovi University

Optimal service selection policies for dynamic service composition Miroslav ivkovi University

Optimal service selection policies for dynamic service composition Miroslav ivkovi University of Amsterdam (UvA) System and Network Engineering Group m.zivkovic@uva.nl Joost Bosman, Hans van den Berg, Rob van der Mei, Erik Meeuwissen,

398 views • 18 slides
May 26: Covert Channels Covert channels Composition of policies Problem

May 26: Covert Channels Covert channels Composition of policies Problem

May 26: Covert Channels Covert channels Composition of policies Problem Deterministic Noninterference Nondeducibility Generalized Noninterference Restrictiveness May 26, 2017 ECS 235B Spring Quarter 2017 Slide #1

370 views • 33 slides
Identifying Carotid Plaque Composition in MRI with Convolutional Neural Networks Author: Yuxi

Identifying Carotid Plaque Composition in MRI with Convolutional Neural Networks Author: Yuxi

Identifying Carotid Plaque Composition in MRI with Convolutional Neural Networks Author: Yuxi Dong Director: Wei Xu 1 Identifying Carotid Plaque Composition in MRI with Convolutional Neural Networks Background: Atherosclerosis Caused by

692 views • 47 slides
Measurement of ambient neutrons in an underground laboratory at Kamioka Observatory Keita

Measurement of ambient neutrons in an underground laboratory at Kamioka Observatory Keita

Measurement of ambient neutrons in an underground laboratory at Kamioka Observatory Keita Mizukoshi Kobe University TAUP2019 at Toyama International Conference Center 9 Sep. 2019 Introduction Neutron is the one of the most serious

346 views • 19 slides
1 Far Cry 3 is coming out this September and is a realistic shooter set in a remote island, far

1 Far Cry 3 is coming out this September and is a realistic shooter set in a remote island, far

1 Far Cry 3 is coming out this September and is a realistic shooter set in a remote island, far off the edge of the map. Awesome lighting was a crucial factor to achieving the visual fidelity for the game. 2 One of the lighting features that

883 views • 63 slides
Kevin Robertson Y. Ping Hsieh Glynnis Bugna Tall Timbers Florida A&amp;M University Florida

Kevin Robertson Y. Ping Hsieh Glynnis Bugna Tall Timbers Florida A&amp;M University Florida

Kevin Robertson Y. Ping Hsieh Glynnis Bugna Tall Timbers Florida A&amp;M University Florida A&amp;M University H 2 O CO 2 C x H y O z + 2O 2 CO PM NO, NO 2 VOCs (CH 4 , PAHs) PM 2.5 Emission Factor (EF) = PM 2.5 emitted / fuel consumed

700 views • 36 slides
Information Flow in Boxed Ambient I. Salvo a joint work ( in progress ) with: M. Bugliesi, G.

Information Flow in Boxed Ambient I. Salvo a joint work ( in progress ) with: M. Bugliesi, G.

Information Flow in Boxed Ambient I. Salvo a joint work ( in progress ) with: M. Bugliesi, G. Castagna, S. Crafa journees methode formelle pour la mobilit` e, Paris, December 6, 2002 1 Outline of the talk From Mobile Ambients to

317 views • 28 slides
The Fragment Shader CS418 Computer Graphics John C. Hart Fragment Pipeline Rasterization Model

The Fragment Shader CS418 Computer Graphics John C. Hart Fragment Pipeline Rasterization Model

The Fragment Shader CS418 Computer Graphics John C. Hart Fragment Pipeline Rasterization Model Vertex Clip Clip &amp; Window Viewport Coords W2V Interpolation Coords Shader Coords Divide Coords Depth Fragment Pixels Fragments

92 views • 8 slides
Sensing Mobile Devices and what it means for app developers Why the Sensory Smartphone?

Sensing Mobile Devices and what it means for app developers Why the Sensory Smartphone?

Sensing Mobile Devices and what it means for app developers Why the Sensory Smartphone? Smartphones are becoming more and more powerful And near ubiquitous They are adding all the capabilities that we have as sensing human

716 views • 25 slides
Topic 10: Lighting &amp; Reflection models Lighting &amp; reflection The Phong reflection

Topic 10: Lighting &amp; Reflection models Lighting &amp; reflection The Phong reflection

Topic 10: Lighting &amp; Reflection models Lighting &amp; reflection The Phong reflection model diffuse component ambient component specular component Spot the differences Terminology Illumination The transport of

1.08k views • 30 slides
Role of Electrochemical Reactions in the Degradation Mechanisms of AlGaN/GaN HEMTs Feng Gao 1,2 ,

Role of Electrochemical Reactions in the Degradation Mechanisms of AlGaN/GaN HEMTs Feng Gao 1,2 ,

Role of Electrochemical Reactions in the Degradation Mechanisms of AlGaN/GaN HEMTs Feng Gao 1,2 , Bin Lu 2 , Carl V. Thompson 1 , Jess del Alamo 2 , Toms Palacios 2 1. Department of Materials Science and Engineering, Massachusetts Institute

702 views • 32 slides

More recommend