Semi-automated Fuzzy MCDM and Lattice Solutions for WS-Policy Intersection

2015 IEEE World Congress on Services Pub Date : 2015-06-27 DOI:10.1109/SERVICES.2015.33

Abeer Elsafie, Jörg Schwenk

{"title":"Semi-automated Fuzzy MCDM and Lattice Solutions for WS-Policy Intersection","authors":"Abeer Elsafie, Jörg Schwenk","doi":"10.1109/SERVICES.2015.33","DOIUrl":null,"url":null,"abstract":"In order to enable a secure Business-to-Business (B2B) interaction between web services, it is essential to negotiate a common security policy by computing the policy intersection according to the web service (WS)-policy framework. For this purpose, both policies are transformed into Disjunctive Normal Form (DNF). Then the intersection of the two sets of monomials (alternatives) from the two DNFs is computed. If the intersection's output is only one compatible monomial, we are done: We have found a unique security policy supported by both parties. However, two other cases are also possible: There may be more than one compatible monomial, and there may be no intersection which means, no compatible alternatives are found. In both cases, additional processing steps are required in order to communicate: If there are more than one alternatives, we would like to find the optimum security policy amongst all. If there is no intersection, we would like to find a minimal extension of the security policies to enforce an intersection. WS-policy framework does not give any information on how the policy intersection can be calculated or found when alternatives are semi-compatible or fully incompatible. In addition to the issue of multiple compatible alternatives, which alternative to choose. Current research is focusing on how to measure the compatibility, however achieving policy agreement in term of policy intersection is far from being possible. In order to address this problem we introduce two separate solutions for the two cases. For the case of more than one compatible alternative (multiple-intersection), we present a Multiple Criteria Decision Making (MCDM) model using Fuzzy Analytical Hierarchy Process (AHP) for the WS-Security Policy assertions in order to calculate the optimum security policy alternative. For the case of (no-intersection) we provide two algorithms for calculating the least upper bound (lub) or the greatest lower bound (glb) of the ordered sets to enable compatibility. We present a case example using practical policies in order to show the output using the two concepts based on Apache axis2 rampart, Apache neethi and IBM security policies. Outputs are found similar using both concepts.","PeriodicalId":106002,"journal":{"name":"2015 IEEE World Congress on Services","volume":"63 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE World Congress on Services","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERVICES.2015.33","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

In order to enable a secure Business-to-Business (B2B) interaction between web services, it is essential to negotiate a common security policy by computing the policy intersection according to the web service (WS)-policy framework. For this purpose, both policies are transformed into Disjunctive Normal Form (DNF). Then the intersection of the two sets of monomials (alternatives) from the two DNFs is computed. If the intersection's output is only one compatible monomial, we are done: We have found a unique security policy supported by both parties. However, two other cases are also possible: There may be more than one compatible monomial, and there may be no intersection which means, no compatible alternatives are found. In both cases, additional processing steps are required in order to communicate: If there are more than one alternatives, we would like to find the optimum security policy amongst all. If there is no intersection, we would like to find a minimal extension of the security policies to enforce an intersection. WS-policy framework does not give any information on how the policy intersection can be calculated or found when alternatives are semi-compatible or fully incompatible. In addition to the issue of multiple compatible alternatives, which alternative to choose. Current research is focusing on how to measure the compatibility, however achieving policy agreement in term of policy intersection is far from being possible. In order to address this problem we introduce two separate solutions for the two cases. For the case of more than one compatible alternative (multiple-intersection), we present a Multiple Criteria Decision Making (MCDM) model using Fuzzy Analytical Hierarchy Process (AHP) for the WS-Security Policy assertions in order to calculate the optimum security policy alternative. For the case of (no-intersection) we provide two algorithms for calculating the least upper bound (lub) or the greatest lower bound (glb) of the ordered sets to enable compatibility. We present a case example using practical policies in order to show the output using the two concepts based on Apache axis2 rampart, Apache neethi and IBM security policies. Outputs are found similar using both concepts.

查看原文本刊更多论文

WS-Policy交集的半自动模糊MCDM和点阵解决方案

为了在web服务之间实现安全的企业对企业(B2B)交互，有必要根据web服务(WS)-策略框架计算策略交集，从而协商一个通用的安全策略。为此，将这两个策略转换为析取范式(DNF)。然后计算两个dnf的两组单项(备选)的交集。如果交集的输出只有一个兼容的单项式，我们就完成了:我们已经找到了双方都支持的唯一安全策略。然而，也可能存在另外两种情况:可能有多个兼容的单项，也可能没有交集，这意味着没有找到兼容的替代项。在这两种情况下，为了进行通信，都需要额外的处理步骤:如果有多个备选方案，我们希望在所有备选方案中找到最优的安全策略。如果没有交集，我们希望找到安全策略的最小扩展来强制交集。WS-policy框架没有提供任何信息，说明当替代方案是半兼容或完全不兼容时，如何计算或找到策略交集。另外还有多种兼容备选方案的问题，选择哪种备选方案。目前的研究主要集中在如何衡量政策的兼容性上，但从政策交集的角度来看，实现政策一致性是很不可能的。为了解决这个问题，我们针对这两种情况引入了两种不同的解决方案。对于有多个兼容的备选方案(多交集)的情况，我们提出了一个使用模糊层次分析法(AHP)的多标准决策(MCDM)模型，用于WS-Security策略断言，以计算最优的安全策略备选方案。对于(无交集)的情况，我们提供了两种算法来计算有序集的最小上界(lub)或最大下界(glb)以实现兼容性。为了展示使用基于Apache axis2 rampart、Apache neethi和IBM安全策略的两个概念的输出，我们提供了一个使用实际策略的案例示例。发现使用这两个概念的输出是相似的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 IEEE World Congress on Services

自引率

0.00%

发文量