E Pluribus Unum

Deduction, Abduction and Induction, the Reasoning Services for Access Control in Autonomic Communication
  • Hristo Koshutanski
  • Fabio Massacci
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3457)


Autonomic Communication is a new paradigm for dynamic network integration. An Autonomic Network crosses organizational boundaries and is provided by entities that see each other just as business partners. Policy-base network anagement already requires a paradigm shift in the access control mechanism (from identity-based access control to trust management and negotiation), but this is not enough for cross organizational autonomic communication. For many services no partner may guess a priori what credentials will be sent by clients and clients may not know a priori which credentials are required for completing a service requiring the orchestration of many different autonomic nodes.

We propose a logical framework and a Web-Service based implementation for reasoning about access control for Autonomic Communication. Our model is based on interaction and exchange of requests for supplying or declining missing credentials. We identify the formal reasoning services that characterise the problem and sketch their implementation.


Access Control Security Policy Service Request Inductive Logic Programming Autonomic Communication 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Sloman, M., Lupu, E.: Policy specification for programmable networks. In: Covaci, S. (ed.) IWAN 1999. LNCS, vol. 1653, pp. 73–84. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  2. 2.
    Smirnov, M.: Rule-based systems security model. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 135–146. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder policy specification language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–38. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Weeks, S.: Understanding trust management systems. In: IEEE Symposium on Security and Privacy (SS&P). IEEE Press, Los Alamitos (2001)Google Scholar
  5. 5.
    Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M., Ylonen, T.: SPKI Certificate Theory. In: IETF RFC 2693 (1999)Google Scholar
  6. 6.
    Li, N., Grosof, B.N., Feigenbaum, J.: Delegation logic: A logic-based approach to distributed authorization. ACM TISSEC 6, 128–171 (2003)CrossRefGoogle Scholar
  7. 7.
    Atluri, V., Chun, S.A., Mazzoleni, P.: A Chinese wall security model for decentralized workflow systems. In: Proceedings of the 8th ACM CCS, pp. 48–57 (2001)Google Scholar
  8. 8.
    Bertino, E., Ferrari, E., Atluri, V.: The specification and enforcement of authorization constraints in workflow management systems. In: ACM TISSEC, vol. 2, pp. 65–104 (1999)Google Scholar
  9. 9.
    Georgakopoulos, D., Hornick, M.F., Sheth, A.P.: An overview of workflow management: From process modeling to workflow automation infrastructure. Distributed and Parallel Databases 3, 119–153 (1995)CrossRefGoogle Scholar
  10. 10.
    Kang, M.H., Park, J.S., Froscher, J.N.: Access control mechanisms for inter-organizational workflow. In: 6th ACM SACMAT, pp. 66–74 (2001)Google Scholar
  11. 11.
    Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A logical framework for reasoning about access control models. In: 6th ACM SACMAT, pp. 41–52 (2001)Google Scholar
  12. 12.
    Bonatti, P., Samarati, P.: A unified framework for regulating access and information release on the web. Journal of Computer Security 10, 241–272 (2002)Google Scholar
  13. 13.
    Shanahan, M.: Prediction is deduction but explanation is abduction. In: Proceedings of IJCAI 1989, pp. 1055–1060. Morgan Kaufmann, San Francisco (1989)Google Scholar
  14. 14.
    Muggleton, S., De Raedt, L.: Inductive logic programming: Theory and methods. JLP 19/20, 629–679 (1994)CrossRefGoogle Scholar
  15. 15.
    Apt, K.: Logic programming. In: van Leeuwen, J. (ed.) Handbook of Theoretical Computer Science. Elsevier, Amsterdam (1990)Google Scholar
  16. 16.
    de di Vimercati, S.C., Samarati, P.: Access control: Policies, models, and mechanism. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, p. 137. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Koshutanski, H., Massacci, F.: Interactive access control for Web Services. In: 19th IFIP Information Security Conference (SEC), pp. 151–166. Kluwer Press, Dordrecht (2004)Google Scholar
  18. 18.
    Chadwick, D.W., Otenko, A.: The PERMIS X.509 role-based privilege management infrastructure. In: Seventh ACM SACMAT, pp. 135–140 (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Hristo Koshutanski
    • 1
  • Fabio Massacci
    • 1
  1. 1.Dip. di Informatica e TelecomunicazioniUniv. di TrentoPovo di TrentoItaly

Personalised recommendations