Efficient Security Policy Reconciliation in Tactical Service Oriented Architectures

  • Vasileios Gkioulos
  • Stephen D. Wolthusen
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 670)


Tactical mobile ad-hoc networks are likely to suffer from highly restricted link capacity and intermittent connectivity loss, but must provide secure access to services. The conditions under which services may be accessed and which security requirements must be maintained will vary dynamically, and local policies will hence change on a per-node basis even when starting from a common baseline such as when nodes obtain new information.

In this paper we describe a mechanism allowing structured security policies to incorporate such local changes but to efficiently reconcile across tactical SOA networks, allowing the derivation of policy decisions as precomputed Horn clauses or directly reasoning over a description logic fragment. This mechanism minimises the communication overhead compared to earlier work whilst maintaining policy integrity, thereby allowing security policies to adapt to resource and network constraints and other local knowledge such as node compromises and blacklisting.


Keywords: Ad hoc network, Reconciliation, Security, Security policies, Tactical network



The results described in this work were obtained as part of the EDA (European Defence Agency) project TACTICS (Tactical Service Oriented Architecture). The TACTICS project is jointly undertaken by Patria (FI), Thales Communications & Security (FR), Fraunhofer-Institut für Kommunikation, Informationsverarbeitung und Ergonomie FKIE (DE), Thales Deutschland (DE), Leonardo (IT), Thales Italia (IT), Gjøvik University College (NO), ITTI (PL), Military Communication Institute (PL), and their partners, supported by the respective national Ministries of Defence under EDA Contract No. B 0980 GP.



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. Norwegian Information Security Laboratory, Norwegian University of Science and Technology, Gjøvik, Norway
  2. Norwegian Information Security Laboratory, Gjøvik University College, Gjøvik, Norway
  3. School of Mathematics and Information Security, Royal Holloway, University of London, Egham, UK
