Daniel Trivellato scite author profile

Abstract-Vocabulary alignment is a main challenge in distributed access control as peers should understand each other's policies unambiguously. Ontologies enable mutual understanding among peers by providing a precise semantics to concepts and relationships in a domain. However, due to the distributed nature of ontology development, ontology alignment is required to allow peers to make informed access control decisions. The alignment should be flexible and accurate to not undermine the autonomy and reliability of peers. This paper addresses the problem of ontology alignment in distributed access control by combining ontology-based trust management with a reputation system.

show abstract

Enforcing Access Control in Virtual Organizations Using Hierarchical Attribute-Based Encryption

Asim

Ignatenko

Petković

et al. 2012

View full text Add to dashboard Cite

Virtual organizations are dynamic, inter-organizational collaborations that involve systems and services belonging to different security domains. Several solutions have been proposed to guarantee the enforcement of the access control policies protecting the information exchanged in a distributed system, but none of them addresses the dynamicity characterizing virtual organizations. In this paper we propose a dynamic hiearchical attribute-based encryption (D-HABE) scheme that allows the institutions in a virtual organization to encrypt information according to an attribute-based policy in such a way that only users with the appropriate attributes can decrypt it. In addition, we introduce a key management scheme that determines which user is entitled to receive which attribute key from which domain authority.

show abstract

A posteriori compliance control

Etalle¹,

Trivellato²

2012

View full text Add to dashboard Cite

While preventative policy enforcement mechanisms can provide theoretical guarantees that policy is correctly enforced, they have limitations in practice. They are inflexible when unanticipated circumstances arise, and most are either inflexible with respect to the policies they can enforce or incapable of continuing to enforce policies on data objects as they move from one system to another. In this paper we propose an approach to enforcing policies not by preventing unauthorized use, but rather by deterring it. We believe this approach is complementary to preventative policy enforcement. We call our approach APPLE for A-Posteriori PoLicy Enforcement. We introduce APPLE Core, a logical framework for using logs to verify that actions taken by the system were authorized. A trust management system is used to ensure that data objects are provided only to users operating on auditable systems who are subject to penalty should they be found in violation. This combination of audit and accountability provides a deterrence that strongly encourages trustworthy behavior, thereby allowing a high level of assurance of end-to-end policy enforcement.

show abstract

GEM: A distributed goal evaluation algorithm for trust management

Trivellato¹,

Zannone²,

Etalle³

2012

Theory and Practice of Logic Programming

View full text Add to dashboard Cite

Note: To appear in Theory and Practice of Logic Programming (TPLP). AbstractTrust management is an approach to access control in distributed systems where access decisions are based on policy statements issued by multiple principals and stored in a distributed manner. In trust management, the policy statements of a principal can refer to other principals' statements; thus, the process of evaluating an access request (i.e., a goal) consists of finding a "chain" of policy statements that allows the access to the requested resource. Most existing goal evaluation algorithms for trust management either rely on a centralized evaluation strategy, which consists of collecting all the relevant policy statements in a single location (and therefore they do not guarantee the confidentiality of intensional policies), or do not detect the termination of the computation (i.e., when all the answers of a goal are computed). In this paper we present GEM, a distributed goal evaluation algorithm for trust management systems that relies on function-free logic programming for the specification of policy statements. GEM detects termination in a completely distributed way without disclosing intensional policies, thereby preserving their confidentiality. We demonstrate that the algorithm terminates and is sound and complete with respect to the standard semantics for logic programs.

show abstract

A Flexible Architecture for Privacy-Aware Trust Management

Böhm

Etalle

Hartog

et al. 2010

J. theor. appl. electron. commer. res.

View full text Add to dashboard Cite

In service-oriented systems a constellation of services cooperate, sharing potentially sensitive information and responsibilities. Cooperation is only possible if the different participants trust each other. As trust may depend on many different factors, in a flexible framework for Trust Management (TM) trust must be computed by combining different types of information. In this paper we describe the TAS 3 TM framework which integrates independent TM systems into a single trust decision point. The TM framework supports intricate combinations whilst still remaining easily extensible. It also provides a unified trust evaluation interface to the (authorization framework of the) services. We demonstrate the flexibility of the approach by integrating three distinct TM paradigms: reputation-based TM, credential-based TM, and Key Performance Indicator TM. Finally, we discuss privacy concerns in TM systems and the directions to be taken for the definition of a privacy-friendly TM architecture.

show abstract

POLIPO: Policies & OntoLogies for Interoperability, Portability, and autOnomy

Trivellato¹,

Spiessens²,

Zannone³

et al. 2009

View full text Add to dashboard Cite

In this paper we identify the requirements for the definition of a security framework for distributed access control in dynamic coalitions of heterogeneous systems. Based on the elicited requirements, we introduce the POLIPO framework that combines distributed access control with ontologies to give a globally understandable semantics to policies, enabling interoperability among heterogeneous systems.

show abstract

A Semantic Security Framework for Systems of Systems

Trivellato

Zannone

Glaundrup

et al. 2013

Int. J. Coop. Info. Syst.

View full text Add to dashboard Cite

Systems of systems (SoS) are dynamic coalitions of distributed, autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, the SoS paradigm has a strong impact on systems interoperability and on the security requirements of the collaborating parties. In this paper, we introduce a service-oriented security framework that protects the information exchanged among the parties in an SoS, while preserving parties' autonomy and interoperability. Confidentiality and integrity of information are protected by combining context-aware access control with trust management. Autonomy and interoperability among parties are enabled by the use of ontology-based services. More precisely, parties may refer to different ontologies to define the semantics of the terms used in their security policies and to describe domain knowledge and context information; a semantic alignment technique is then employed to map concepts from different ontologies and align the parties' vocabularies. We demonstrate the applicability of our solution by deploying a prototype implementation of the framework in an SoS in the maritime safety and security domain.

show abstract

A Security Framework for Systems of Systems

Trivellato

Zannone

Etalle

2011

View full text Add to dashboard Cite

Abstract-Systems of systems consist of a wide variety of dynamic, distributed coalitions of autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, this new paradigm has a strong impact on system interoperability and on the security requirements of collaborating parties. In this demo we present the prototype implementation of a security framework that addresses the security challenges of systems of systems.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.