Secure and reliable Wireless and Ad hoc COMmunications

http://www.swacom.org

Josef Noll, [email protected]

Prof., Connected Life

University Graduate Center (UNIK)/University of Oslo (UiO)


SWACOM.org

NFR-project No. 172462/S10, SWACOM

Start date July 2006, duration 4 years

3 PhD, 1 Postdoc

Objectives

• analyze vulnerabilities mechanisms for secure and reliable networks using wireless communications

• focus in WP2 on “role-based access”


Partners

• University of Stavanger (UiS)

• University Graduate Centre at Kjeller (UNIK)

• University of Agder (UiA)

• Norwegian Defence Research Establishment (FFI)

• Thales Norway

• Kongsberg Defence Communication (KDC)

• Telenor R&I

• Birdstep Technology ASA

International Partners

• Aalborg University, Denmark

• University of Malaga, Spain

• Universidad Politecnica de Valencia, Spain

• Lund University, Sweden

• Linköping University, Sweden

• Chinese Academy of Science, China

SWACOM

• Secure wireless and ad hoc communication

• User Mobility and Service Continuity

• Reliable communications in mobile ad hoc networks


Identity based Service/Content Access - Using Roles and Relations to Control Access

Mohammad M. R. Chowdhury

PhD Candidate

UNIK-University Graduate Center/University of Oslo

[email protected]


Human roles and relations

June 09, 2008; Mushfiq; SWACOM Meeting, Grimstad

• Personal role

• Corporate roles

• Social roles

Used to define virtual identities:

• Social Identity (SID)

• Corporate Identity (CID)

• Personal Identities (PID)

source: Mohammad M. R. Chowdhury, UNIK


Scenario: Corporate access


Assumptions: All the users are authenticated

Requirements: users with specific roles can access the relevant resources belonging to the project/department they are involved in, with the right privileges.

Access depends on:

• Roles

• Multiple roles held by a user in different work units

• Which dept./project the role is played in

• Which privileges the role contains

• Which privileges the resources need

source: Mohammad M. R. Chowdhury, UNIK
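
An added example, not part of the original slides: a plain Python sketch of the access decision in this scenario, where privileges come only from the roles a user holds in the resource's own project/department. All users, role names, work units and privilege names are constructed for illustration; the project itself used OWL-DL and SWRL, not Python.

```python
from dataclasses import dataclass

# Constructed sample policy: which privileges each role contains (hypothetical names).
ROLE_PRIVILEGES = {
    "project_leader": {"read", "write", "approve"},
    "member": {"read", "write"},
    "visitor": {"read"},
}

@dataclass(frozen=True)
class RoleAssignment:
    user: str
    role: str
    work_unit: str        # the dept./project in which the role is played

@dataclass(frozen=True)
class Resource:
    name: str
    work_unit: str        # the dept./project the resource belongs to
    required: frozenset   # privileges the resource needs

# Constructed assignments: alice holds different roles in different work units.
ASSIGNMENTS = [
    RoleAssignment("alice", "project_leader", "project_a"),
    RoleAssignment("alice", "visitor", "dept_finance"),
    RoleAssignment("bob", "member", "project_a"),
]

def privileges_in(user, work_unit, assignments=ASSIGNMENTS):
    """Union of privileges from the roles the user holds in this work unit only."""
    granted = set()
    for a in assignments:
        if a.user == user and a.work_unit == work_unit:
            granted |= ROLE_PRIVILEGES.get(a.role, set())  # unknown role grants nothing
    return granted

def can_access(user, resource, assignments=ASSIGNMENTS):
    """Default deny: the user needs a role in the resource's own work unit
    whose privileges cover everything the resource requires."""
    granted = privileges_in(user, resource.work_unit, assignments)
    return bool(granted) and resource.required <= granted

if __name__ == "__main__":
    plan = Resource("project_plan", "project_a", frozenset({"read", "write"}))
    budget = Resource("budget", "dept_finance", frozenset({"write"}))
    for user in ("alice", "bob"):
        for res in (plan, budget):
            print(user, res.name, "ALLOW" if can_access(user, res) else "DENY")
```

alice's project_leader role in project_a does not carry over to dept_finance, so her write request on the finance resource is denied even though she is authenticated and holds a stronger role elsewhere.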


Architectural overview


Mapping required to represent the correspondence between the elements of the ontologies

Limitations:

Manual mapping (complex and tedious)

source: Mohammad M. R. Chowdhury, UNIK


Implementation using OWL-DL and SWRL


• Used a rule-based reasoner for the necessary deductions

• SWRL + SQWRL + Jess Rule Engine

source: Mohammad M. R. Chowdhury, UNIK


Conclusions

• SWACOM project focusses on role-based identities

• Using ontologies and rules (OWL-DL and SWRL) for access control policy descriptions

• Issues

  • Limited expressiveness - “Open world reasoning”

  • Interworking of ontologies (mediation)

  • “privacy” of parts of ontologies

• Implementation with focus on document access policies