A Semantic Model to Support Security Matching in Cloud Environments

Giuseppe Di Modica, Orazio Tomarchio

2013

Abstract

Despite its technological advances, cloud computing's adoption is not as wide as expected. Security is still a big concern that prevents many to ``cloudify'' their applications and put their data in the hands of a cloud provider. Also, interoperable scenarios fostered by SOA technologies exacerbate the security question, as customers have to deal with multiple providers who, in their turn, must establish mutual trust relationships in order to interoperate. In the last few years, policies are being used as a means to build networks of trustiness among cloud providers. Standards and specifications on security management through policies have also appeared. We argue that the main problem with this approach is that policies are expressed through syntactic languages which, if processed by computers, show well-known limitations. We then propose an approach that leverages on the semantic technologies to enrich security policies with semantic contents enabling machine reasoning. The framework we developed caters for the security needs of both customers and providers, and aims at making a smart match between what is requested and what is offered in terms of security. On the user side, no extra effort is required than specifying their security policies according to well-established security notations; an automatic procedure is committed to adding semantic content to the policies.

References

  1. Damianou, N., Dulay, N., Lupu, E., and Sloman, M. (2001). The ponder policy specification language. In Proceedings of the International Workshop on Policies for Distributed Systems and Networks, POLICY 7801, pages 18-38, London, UK. Springer-Verlag.
  2. Di Modica, G. and Tomarchio, O. (2011a). Semantic annotations for security policy matching in WSPolicy. In SECRYPT 2011 - Proceedings of the International Conference on Security and Cryptography, pages 443-449, Seville (Spain).
  3. Di Modica, G. and Tomarchio, O. (2011b). Semantic Security Policy Matching in service oriented architectures. In Proceedings - 2011 IEEE World Congress on Services, SERVICES 2011, pages 399-405, Washington DC (USA).
  4. Di Modica, G. and Tomarchio, O. (2012). A semantic discovery frame work to support supply-demand matchmaking in cloud service markets. In CLOSER 2012 - Proceedings of the 2nd International Conference on Cloud Computing and Services Science, pages 533- 541, Porto (Portugal).
  5. Garcia, D. Z. G. a. and Felgar de Toledo, M. B. (2008). Ontology-Based Security Policies for Supporting the Management of Web Service Business Processes. In 2008 IEEE International Conference on Semantic Computing, pages 331-338. Ieee.
  6. Kagal, L., Finin, T., and Joshi, A. (2003). A policy language for a pervasive computing environment. In Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 7803, pages 63-, Washington, DC, USA. IEEE Computer Society.
  7. Kim, A., Luo, J., and Kang, M. (2005). Security ontology for annotating resources. In On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE, pages 1483-1499. Springer.
  8. Liccardo, L., Rak, M., Di Modica, G., and Tomarchio, O. (2012). Ontology-based Negotiation of Security Requirements in Cloud. In Computational Aspects of Social Networks (CASoN), 2012 Fourth International Conference on, pages 192 -197, Sao Carlos (Brasil).
  9. OASIS (2012). WS-SecurityPolicy 1.3. OASIS Standard. Available at http://www.oasis-open.org/specs/.
  10. Paolucci, M., Kawamura, T., Payne, T. R., and Sycara, K. P. (2002). Semantic matching of web services capabilities. In ISWC 7802: Proceedings of the First International Semantic Web Conference on The Semantic Web, pages 333-347, London, UK. Springer-Verlag.
  11. Papazoglou, M. P. and van den Heuvel, W.-J. (2007). Service Oriented Architectures: approaches, technologies and research issues. VLDB Journal, 16(3):389- 415.
  12. Phan, T., Han, J., Schneider, J., Ebringer, T., and Rogers, T. (2008). A survey of policy-based management approaches for Service Oriented Systems. In Software Engineering, 2008. ASWEC 2008. 19th Australian Conference on, pages 392-401. IEEE.
  13. Speiser, S. (2010). Semantic Annotations for WS-Policy. In IEEE International Conference on Web Services (ICWS 2010), pages 449-456. IEEE.
  14. Sriharee, N., Senivongse, T., Verma, K., and Sheth, A. (2004). On using ws-policy, ontology, and rule reasoning to discover web services. In Intelligence in Communication Systems, number May 2004, pages 246-255. Springer.
  15. Tonti, G., Bradshaw, J., Jeffers, R., Montanari, R., Suri, N., and Uszok, A. (2003). Semantic Web languages for policy representation and reasoning: A comparison of KAoS, Rei, and Ponder. In International Semantic Web Conference (ISWC2003), pages 419-437, Florida (USA). Springer.
  16. Uszok, A., Bradshaw, J., Jeffers, R., Suri, N., Hayes, P., Breedy, M., Bunch, L., Johnson, M., Kulkarni, S., and Lott, J. (2003). Kaos policy and domain services: Toward a description-logic approach to policy representation, deconfliction, and enforcement. In Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 7803, pages 93-, Washington, DC, USA. IEEE Computer Society.
  17. Verma, K., Akkiraju, R., and Goodwin, R. (2005). Semantic matching of Web service policies. In Semantic Web Policy Workshop (SDWP 2005).
  18. W3C (2007). Web services policy 1.5 - framework. W3C Recommendation. Available at http://www.w3.org/ TR/ws-policy/.
  19. Zheng-qiu, H., Li-fa, W., Zheng, H., and Hai-guang, L. (2009). Semantic Security Policy for Web Service. In 2009 IEEE International Symposium on Parallel and Distributed Processing with Applications, pages 258- 262. Ieee.
Download


Paper Citation


in Harvard Style

Di Modica G. and Tomarchio O. (2013). A Semantic Model to Support Security Matching in Cloud Environments . In Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-8565-52-5, pages 427-436. DOI: 10.5220/0004375704270436


in Bibtex Style

@conference{closer13,
author={Giuseppe Di Modica and Orazio Tomarchio},
title={A Semantic Model to Support Security Matching in Cloud Environments},
booktitle={Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2013},
pages={427-436},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004375704270436},
isbn={978-989-8565-52-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - A Semantic Model to Support Security Matching in Cloud Environments
SN - 978-989-8565-52-5
AU - Di Modica G.
AU - Tomarchio O.
PY - 2013
SP - 427
EP - 436
DO - 10.5220/0004375704270436