Secure and reliable Wireless and Ad hoc COMmunications
http://www.swacom.org
Josef Noll, [email protected]., Connected Life
University Graduate Center (UNIK)/University of Oslo (UiO)
SWACOM.org
NFR-project No. 172462/S10, SWACOM
Start date July 2006, duration 4 years
3 PhD, 1 Postdoc
Objectives
• analyze vulnerabilities mechanisms for secure and reliable networks using wireless communications
• focus in WP2 on “role-based access”
Partners
University of Stavanger (UiS), University Graduate Centre at Kjeller (UNIK), University of Agder (UiA), Norwegian Defence Research Establishment (FFI), Thales Norway, Kongsberg Defence Communication (KDC), Telenor R&I, Birdstep Technology ASA.
International Partners
Aalborg University, Denmark; University of Malaga, Spain; Universidad Politecnica de Valencia, Spain; Lund University, Sweden; Linköping University, Sweden; Chinese Academy of Science, China
Secure wireless and ad hoc communication
User Mobility and Service Continuity
Reliable communications in mobile ad hoc networks
Identity based Service/Content Access - Using Roles and Relations to Control Access
Mohammad M. R. Chowdhury
PhD Candidate
UNIK-University Graduate Center/University of Oslo
Human roles and relations
June 09, 2008; Mushfiq; SWACOM Meeting, Grimstad
• Personal role
• Corporate roles
• Social roles
Used to define virtual identities: Social Identity (SID), Corporate Identity (CID), Personal Identities (PID)
source: Mohammad M. R. Chowdhury, UNIK
Scenario: Corporate access
Assumptions: All the users are authenticated
Requirements: Users with specific roles can access the relevant resources belonging to the project/department they are involved in, with the right privileges.
Access depends on:
• Roles
• Multiple roles held by a user in different work units
• Which dept./project a role is played in
• Which privileges a role contains
• Which privileges a resource needs
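The access decision listed above, as an added Python example; it is not the project's OWL-DL/SWRL implementation. All role names, users, work units and resources are constructed, and it assumes (as the slide does) that users are already authenticated and that a single role played in the resource's own work unit must hold every privilege the resource needs.

```python
# Added illustration: plain-Python stand-in for the slide's access model.
# All names and sample data below are constructed, not taken from the project.
from dataclasses import dataclass

# "Which privileges a role contains"
ROLE_PRIVILEGES = {
    "project_leader": {"read", "write", "approve"},
    "member": {"read", "write"},
    "visitor": {"read"},
}

@dataclass(frozen=True)
class Resource:
    name: str
    work_unit: str       # project/department the resource belongs to
    required: frozenset  # privileges the resource needs

# Multiple roles per user, each bound to the work unit it is played in
ASSIGNMENTS = {
    "alice": {("project_leader", "proj_a"), ("visitor", "proj_b")},
    "bob": {("member", "proj_b")},
}

def explain(user: str, resource: Resource) -> list:
    """Return the (role, unit) pairs that justify access, for audit output.
    Assumption: one role must cover all required privileges by itself."""
    return sorted(
        (role, unit)
        for role, unit in ASSIGNMENTS.get(user, ())
        if unit == resource.work_unit  # a role in another project gives nothing
        and resource.required <= ROLE_PRIVILEGES.get(role, set())
    )

def can_access(user: str, resource: Resource) -> bool:
    """Default deny: unknown user, unknown role or wrong work unit all fail."""
    return bool(explain(user, resource))

BUDGET_A = Resource("budget_a.xls", "proj_a", frozenset({"read", "approve"}))
DESIGN_B = Resource("design_b.doc", "proj_b", frozenset({"read", "write"}))

if __name__ == "__main__":
    for user in ("alice", "bob", "mallory"):
        for res in (BUDGET_A, DESIGN_B):
            print(user, res.name, can_access(user, res), explain(user, res))
```

Alice's project_leader role does not carry over to proj_b, where she is only a visitor, so her write request on the proj_b document is denied.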
Architectural overview
Mapping required to represent the correspondence between the elements of the ontologies
Limitations:
Manual mapping (complex and tedious)
Implementation using OWL-DL and SWRL
• Used a rule-based reasoner for the necessary deductions
• SWRL + SQWRL + Jess Rule Engine
Conclusions
SWACOM project focusses on role-based identities
Using ontologies and rules (OWL-DL and SWRL) for access control policy descriptions
Issues
• Limited expressiveness - “Open world reasoning”
• Interworking of ontologies (mediation)
• “privacy” of parts of ontologies
Implementation with focus on document access policies