Semantic Security Policy Matching in Service Oriented Architectures

Abstract

Cloud computing poses several new security andprivacy challenges, mainly related to resource sharing, interoperabilityand dinamicity among different providers. Althoughpolicy specification languages address some of these challenges,many issues still have to be faced with. Policy matching is todayperformed by way of syntactical approaches, which may limitthe selection of suitable services on the one hand, and theflexibility and the dinamicity of the matching process on theother one. In this work we propose a semantic approach that,by means of semantic annotations to WS-Policy documents,allows for an improved matching of security requirementsand capabilities based on their actual meaning. The proposedapproach has been validated through a case study that showshow a pure syntactic-based mechanism of WS-Policy wouldhave failed in matching two actually compatible policies.