A Comparison of Terminological and Rule-based Policy Languages PieroABonatti Università di Napoli Federico II A Comparison of Terminological and Rule-based Policy Languages 54CC4CD89737FA2B3D2824A86FEB0709 GROBID - A machine learning software for extracting information from scholarly documents

Security and privacy policies commonly consist of declarative constraints over resource usage (data and services). Therefore logic-based representation languages are well-suited as a foundation of policy languages. Indeed, the semantics of standard languages like XACML can be reformulated in a logic-based fashion similar to the encoding adopted in [2]; moreover, both description logics and logic programming languages (i.e., the two main families of knowledge representation formalisms) have been proposed as policy languages, see KAOS, [7], REI [5], RT [6], Cassandra [1], PeerTrust [4], and PROTUNE [3] just to name a few approaches.

Policy-related processing involves several different reasoning tasks over the axioms that constitute a policy:

-An authorization A is granted iff A is entailed by the policy; -In trust negotiation, a set of credentials C unlocks a resource R iff C and the policy together entail the authorization to use R; the process of finding the sets C that enjoy this property (given the desired authorization for R) is called abduction;

-Usability, awareness, and validation issues make it very important to support explanation facilities such as those supplied by expert systems; explanation facilities convert axioms and proofs into natural language text understandable by people with no specific training in knowledge representation or computer science; when such documentation is produced automatically, it is guaranteed to be always aligned with the policy actually applied by the system; moreover, automated explanation facilities can produce contextualized documentation, relative to specific transactions;

-A natural privacy-related operation is comparing the privacy policy published by a web site with the privacy preferences of a user; the relevant question here is whether the information disclosures permitted by the web site's policy will always be permitted also by the user's privacy policy. Policy comparison can also be useful in assessing the results of a policy update; it can answer the question of whether the new policy is more permissive or more restricted than the old one.

In this talk we will assess different knowledge representation formalisms as policy languages for security and privacy, taking into account not only the kind of constraints that they can express on resource usage, but also the degree to which the above reasoning tasks can be supported. We will conclude that currently rulebased languages are more mature than description logics as far as the general needs of security and privacy policy languages are concerned.

Cassandra: Distributed access control policies with tunable expressiveness YMoritz PeterBecker Sewell 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2004)
Yorktown Heights, NY, USA
 IEEE Computer Society June 2004 An algebra for composing access control policies PieroBonatti SabrinaDe Capitani Di Vimercati PierangelaSamarati ACM Trans. Inf. Syst. Secur 5 1 2002 Driving and monitoring provisional trust negotiation with metapolicies APiero DanielBonatti Olmedilla 6th IEEE Policies for Distributed Systems and Networks (POLICY 2005)
Stockholm, Sweden
 IEEE Computer Society June 2005 No registration needed: How to use declarative policies and negotiation to access sensitive resources on the semantic web RitaGavriloaie WolfgangNejdl DanielOlmedilla KentESeamons MarianneWinslett 1st European Semantic Web Symposium Lecture Notes in Computer Science
ESWS; Heraklion, Crete, Greece
 Springer 2004. May 2004 3053 A policy language for a pervasive computing environment LalanaKagal TimothyWFinin AnupamJoshi Policies for Distributed Systems and Networks IEEE Computer Society 2003. June 2003 IEEE 4th International Workshop on Design of a role-based trust-management framework NinghuiLi JohnCMitchell WilliamHWinsborough IEEE Symposium on Security and Privacy 2002 Kaos policy and domain services: Toward a description-logic approach to policy representation, deconfliction, and enforcement AUszok JBradshaw RJeffers NSuri PHayes MBreedy LBunch MJohnson SKulkarni JLott Policies for Distributed Systems and Networks ACM Press 2003. June 2003 IEEE 4th International Workshop on