Keith Grueneberg

Optimizing a policy authoring framework for security and privacy policies

Policies which address security and privacy are pervasive parts of both technical and social systems, and technology to enable both organizations and individuals to create and manage such policies is seen as a critical need in IT. This paper describes policy authoring as a key component to usable privacy and security systems, and advances the notions of policy templates in a policy management environment in which different roles with different skill sets are seen as important. We discuss existing guidelines and provide support for the addition of new guidelines for usable policy authoring for security and privacy systems. We describe the relationship between general policy templates and specific policies, and the skills necessary to author each of these in a way that produces high-quality policies. We also report on an experiment in which technical users with limited policy experience authored policy templates using a prototype template authoring user interface we developed.

MECA: mobile edge capture and analysis middleware for social sensing applications

In this paper, we propose and develop MECA, a common middleware infrastructure for data collection from mobile devices in an efficient, flexible, and scalable manner. It provides a high level abstraction of phenomenon such that applications can express diverse data needs in a declarative fashion. MECA coordinates the data collection and primitive processing activities, so that data can be shared among applications. It addresses the inefficiency issues in the current vertical integration approach. We showcase the benefits of MECA by means of a disaster management application.

Usable Policy Template Authoring for Iterative Policy Refinement

Dynamic Spectrum Management (DSM) is an effective method for reducing the effect of crosstalk in Digital Subscriber Line (DSL) systems. This paper discusses various DSM algorithms, including Optimal Spectrum Balancing (OSB), Iterative Spectrum Balancing (ISB), Autonomous Spectrum Balancing (ASB), Iterative Water-Filling (IWF), Selective Iterative Water-filling (SIW), Successive Convex Approximation for Low complExity (SCALE), the Difference of Convex functions Algorithm (DCA), and Distributed Spectrum Balancing (DSB). They are compared in terms of performance (achievable data rate) and computational complexity.People must have usable tools in order to author and maintain high-quality policies. In this paper we discuss policy templates as a mechanism for policy authoring. We believe that policy templates can be leveraged to make policy authoring more usable and to provide consistent policy authoring interfaces across a wide variety of policy domains. Templates provide users with a structured format for authoring policies; however, a general approach for creating policy templates has not been described in published research to date. Based on research in policy management, we propose an iterative policy refinement process that consists of three user roles and spans policy authoring, template authoring, and policy element definition. We designed a GUI-based prototype that enables users to create policy templates. In this paper we describe our proposed policy refinement process, the necessary user roles, a template authoring prototype, and the results of an empirical study of template authoring

Policy-Aware Service Composition in Sensor Networks

Sensor applications are typically composed of a number of functional components that run distributedly on the nodes of a sensor network, communicating and interacting with one another. Service composition is emerging as a viable approach towards the automatic synthesis of such sensor applications. However, for service composition to be practical, it has to comply with policies that define security and management constraints on the use of these service components and the interconnections amongst them. Prior research efforts have primarily focused on efficient evaluation of security policies during the composition process, which is not sufficient when generic network management constraints need to be expressed and evaluated. In this work, we propose a policy model and evaluation approach that enables us to define and check attribute-based policies, for controlling the sensor service composition process. Attribute-based policies are generic and allows us to express a wider spectrum of constraints than currently possible. Using this model and based on a previously-proposed sensor service composition algorithm, we introduce a policy evaluation method that allows for efficient checking of policy constraints. We further present a novel implementation of the proposed approach in the IBM Sensor Fabric, a middleware framework that simplifies the development of distributed, sensor network services. We also present preliminary performance evaluation results using our prototype.

A Negotiation Framework for Negotiation of Coalition Policies

There have been many proposed approaches to performing negotiation in terms of the negotiation procedure, the implementation of agreement, the interactions of software agents representing the different organizations, cooperation among agents, etc. However, one cannot determine a best single approach as it highly depends on the specific application and usage scenario, as well as the needs and goals of the participants. For instance, in some situations, reaching a near pareto-optimal solution is desirable even though it requires that an exhaustive search on all attributes must be performed. In other situations, time might be more valuable and therefore reaching an agreement in a timely manner might have a higher priority. In order to address many different types of negotiation goals and scenarios, there is a need for a flexible negotiation system that can incorporate various alternatives and that is easily extensible and configurable. In this paper, we provide a generic negotiation system that can support many types of negotiation protocols. The proposed system acts as a third party that facilitates the negotiation process between multiple entities and allows them to choose a common negotiation goal and a desired negotiation protocol. We will provide a demonstration of the tool at the conference.

Authoring and Deploying Business Policies Dynamically for Compliance Monitoring

A policy authoring tool is integrated into a business provenance management system for dynamically authoring, deploying and monitoring compliance. The policy authoring tool enables creation of business rules in the language business people understand and deploys them into a rule engine. Once the policy is deployed, the compliance of process execution traces stored in a business provenance management system can be checked against these rules. Salient features of the solution architecture, including semantic mapping of IT terminology into business vocabulary and transforming business rules into key control points in the compliance checking system, are explained.

Intent-based resource deployment in wireless sensor networks

Information derived from sensor networks plays a crucial role in the success of many critical tasks such as surveillance, and border monitoring. In order to derive the correct information at the right time, sensor data must be captured at desired locations with respect to the operational tasks in concern. Therefore, it is important that at the planning stage of a mission, sensing resources are best placed in the field to capture the required data. For example, consider a mission goal identify snipers, in an operational area before troops are deployed - two acoustic arrays and a day-night video camera are needed to successfully achieve this goal. This is because, if the resources are placed in correct locations, two acoustic arrays could provide direction of the shooter and a possible location by triangulating acoustic data whereas the day-night camera could produce an affirmative image of the perpetrators. In order to deploy the sensing resources intelligently to support the user decisions, in this paper we propose a Semantic Web based knowledge layer to identify the required resources in a sensor network and deploy the needed resources through a sensor infrastructure. The knowledge layer captures crucial information such as resources configurations, their intended use (e.g., two acoustic arrays deployed in a particular formation with day-night camera are needed to identify perpetrators in a possible sniper attack). The underlying sensor infrastructure will assists the process by exposing the information about deployed resources, resources in theatre, and location information about tasks, resources and so on.

Policy Supersession in a Coalition ISR Network

Policy super session provides a framework for maintaining coherence in a partitioned network. This is most relevant for mission critical policy-based networks where the on-going operations of the system require a greater level of flexibility and resilience in dealing with network communication failure.

Fine-grained policy control in U.S. Army Research Laboratory (ARL) multimodal signatures database

The U.S. Army Research Laboratory (ARL) Multimodal Signatures Database (MMSDB) consists of a number of colocated relational databases representing a collection of data from various sensors. Role-based access to this data is granted to external organizations such as DoD contractors and other government agencies through a client Web portal. In the current MMSDB system, access control is only at the database and firewall level. In order to offer finer grained security, changes to existing user profile schemas and authentication mechanisms are usually needed. In this paper, we describe a software middleware architecture and implementation that allows fine-grained access control to the MMSDB at a dataset, table, and row level. Result sets from MMSDB queries issued in the client portal are filtered with the use of a policy enforcement proxy, with minimal changes to the existing client software and database. Before resulting data is returned to the client, policies are evaluated to determine if the user or role is authorized to access the data. Policies can be authored to filter data at the row, table or column level of a result set. The system uses various technologies developed in the International Technology Alliance in Network and Information Science (ITA) for policy-controlled information sharing and dissemination1. Use of the Policy Management Library provides a mechanism for the management and evaluation of policies to support finer grained access to the data in the MMSDB system. The GaianDB is a policy-enabled, federated database that acts as a proxy between the client application and the MMSDB system.

Context-rich semantic framework for effective data-to-decisions in coalition networks

In a coalition context, data fusion involves combining of soft (e.g., field reports, intelligence reports) and hard (e.g., acoustic, imagery) sensory data such that the resulting output is better than what it would have been if the data are taken individually. However, due to the lack of explicit semantics attached with such data, it is difficult to automatically disseminate and put the right contextual data in the hands of the decision makers. In order to understand the data, explicit meaning needs to be added by means of categorizing and/or classifying the data in relationship to each other from base reference sources. In this paper, we present a semantic framework that provides automated mechanisms to expose real-time raw data effectively by presenting appropriate information needed for a given situation so that an informed decision could be made effectively. The system utilizes controlled natural language capabilities provided by the ITA (International Technology Alliance) Controlled English (CE) toolkit to provide a human-friendly semantic representation of messages so that the messages can be directly processed in human/machine hybrid environments. The Real-time Semantic Enrichment (RTSE) service adds relevant contextual information to raw data streams from domain knowledge bases using declarative rules. The rules define how the added semantics and context information are derived and stored in a semantic knowledge base. The software framework exposes contextual information from a variety of hard and soft data sources in a fast, reliable manner so that an informed decision can be made using semantic queries in intelligent software systems.