232 results found
Corapi D, Russo A, Lupu E, 2012, Inductive logic programming in answer set programming, Pages: 91-97, ISSN: 0302-9743
In this paper we discuss the design of an Inductive Logic Programming (ILP) system in Answer Set Programming (ASP) and more in general the problem of integrating the two. We show how to formalise the learning problem as an ASP program and provide details on how the optimisation features of modern solvers can be adapted to derive preferred hypotheses. © 2012 Springer-Verlag Berlin Heidelberg.
Increasingly organisations need to exchange and share data amongst their employees as well as with other organisations. This data is often sensitive and/or confidential, and access to it needs to be protected. Architectures to protect disseminated data have been proposed earlier, but absence of a trusted enforcement point on the end-user machine undermines the system security. The reason being, that an adversary can modify critical software components. In this paper, we present a policy-driven approach that allows us to prove the integrity of a system and which decouples authorisation logic from remote attestation. © 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering.
Asmare E, Gopalan A, Sloman M, et al., 2012, Self-Management Framework for Mobile Autonomous Systems, Journal of Network and Systems Management, Vol: 20, Pages: 244-275
The advent of mobile and ubiquitous systems has enabled the de- velopment of autonomous systems such as wireless-sensors for environmental data collection and teams of collaborating Unmanned Autonomous Vehicles (UAVs) used in missions unsuitable for humans. However, with these range of new application-domains come a new challenge – enabling self-management in mobile autonomous systems. Autonomous systems have to be able to manage themselves individually as well as to form self-managing teams which are able to recover or adapt to failures, protect themselves from attacks and optimise performance.This paper proposes a novel distributed policy-based framework that en- ables autonomous systems of varying scale to perform self-management indi- vidually and as a team. The framework allows missions to be specified in terms of roles in an adaptable and reusable way, enables dynamic and secure team formation with a utility-based approach for optimal role assignment, caters for communication link maintenance amongst team-members and recovery from failure. Adaptive management is achieved by employing a policy-based archi- tecture to enable dynamic modification of the management strategy relating to resources, role behaviour, communications and team management, without interrupting the basic software within the system.Evaluation of the framework shows that it is scalable with respect to the number of roles, and consequently the number of autonomous systems par- ticipating in the mission. It is also shown to be optimal with respect to role assignments, and robust to intermittent communication link disconnections and permanent team-member failures.
Rodrigues P, Lupu E, 2011, Model-based self-adaptive components: A preliminary approach, Pages: 73-79
Due to the increasing scale, complexity, dynamicity and heterogeneity of modern software systems, it is not feasible to solely rely upon human management to guarantee a good service level with such availability demand. Self-managing systems are needed as an effective approach to deal with those issues by exploiting adaptive techniques to adjust a system. On top of that, model-based adaptation improves reliability, hence enhancing trust in self-managing systems. However, a centralised approach can be too complex to manage thus compromising system dependability. This paper presents a preliminary decentralised approach on model-based self-adaptive components.
Craven, Lobo J, Lupu E, et al., 2011, Policy Refinement: Decomposition and Operationalization for Dynamic Domains, 7th IEEE Int. Conference on Network and Service Management (CNSM 2011), Publisher: IEEE
We describe a method for policy refinement. The refinement process involves stages of decomposition, operational- ization, deployment and re-refinement, and operates on policies expressed in a logical language flexible enough to be translated into many different enforceable policy dialects. We illustrate with examples from a coalition scenario, and describe how the stages of decomposition and operationaliztion work internally, and fit together in an interleaved fashion. Domains are represented in a logical formalization of UML diagrams. Both authorization and obligation policies are supported
Maggi FM, Corapi D, Russo A, et al., 2011, Revising Process Models through Inductive Learning, BPM 2010 Conference, Publisher: SPRINGER-VERLAG BERLIN, Pages: 182-+, ISSN: 1865-1348
Ma J, Russo A, Broda K, et al., 2011, Multi-agent abductive reasoning with confidentiality, Pages: 1071-1072
In the context of multi-agent hypothetical reasoning, agents typically have partial knowledge about their environments, and the union of such knowledge is still incomplete to represent the whole world. Thus, given a global query they need to collaborate with each other to make correct inferences and hypothesis, whilst maintaining global constraints. There are many real world applications in which the confidentiality of agent knowledge is of primary concern, and hence the agents may not share or communicate all their information during the collaboration. This extra constraint gives a new challenge to multi-agent reasoning. This paper shows how this dichotomy between "open communication" in collaborative reasoning and protection of confidentiality can be accommodated, by extending a general-purpose distributed abductive logic programming system for multi-agent hypothetical reasoning with confidentiality. Specifically, the system computes consistent conditional answers for a query over a set of distributed normal logic programs with possibly unbound domains and arithmetic constraints, preserving the private information within the logic programs. Copyright © 2011, International Foundation for Autonomous Agents and Multiagent Systems (www.ifaamas.org). All rights reserved.
We propose an efficient method to evaluate a large class of history-based policies written as logic programs. To achieve this, we dy- namically compute, from a given policy set, a finite subset of the history required and sufficient to evaluate the policies. We maintain this history by monitoring rules and transform the policies into a non history-based form. We further formally prove that evaluating history-based policies can be reduced to an equivalent, but more efficient, evaluation of the non history-based policies together with the monitoring rules.
Ma J, Russo A, Lupu E, et al., 2011, Multi-agent Confidential Abductive Reasoning, 27th International COnference on Logic Programming
Ma J, Russo A, Broda K, et al., 2011, Multi-agent Hypothetical Reasoning with Confidentiality, 10th Conference on Autonomous Agents and Multi-Agent Systems
Russello G, Scalavino E, Dulay N, et al., 2010, Coordinating data usage control in loosely-connected networks, Pages: 30-39
In a disaster-recovery mission, rescuers need to coordinate their operations and exchange information to make the right judgments and perform their statutory duties. The information exchanged may be privileged or sensitive and not generally in the public domain. For instance, the assessment of the risk level in the disaster area where a chemical plant is located requires data about the nature of the potential chemical hazards and the probability of an hazardous event to occur. Such data may contain information that could be of value to a rival company and may generate chaos if released to the public. Retaining control of data that is shared between organisations can be achieved by deploying Enterprise Rights Management (ERM) systems. However, ERM systems rely on centralised authorities that must be contacted by client applications to obtain access rights. Such centralised solutions are not practical in a disaster scenario where communication infrastructure may have been damaged by the event making very difficult to establish reliable wide-are communications. In this paper, we propose a solution for the enforcement of usage control policies that leverage on the data dissemination model of Opportunistic Networks (oppnets). Our solution, named xDUCON, relies on the data abstraction of the Shared Data Space (SDS). Data and usage control policies are represented as tuples that are disseminated across the available SDSs connected through the oppnets. © 2010 IEEE.
Scalavino E, Gowadia V, Ball R, et al., 2010, Mobile PAES: Demonstrating authority devolution for policy evaluation in crisis management scenarios, Proceedings - 2010 IEEE International Symposium on Policies for Distributed Systems and Networks, Policy 2010, Pages: 53-56
Traditional data protection schemes deployed in Enterprise Rights Management systems rely on centralised infrastructures where recipients must request authorisation for data access from remote evaluation authorities, trusted by the data originator to keep the data decryption keys and evaluate authorisation policies. During emergency situations when network connection is intermittent these solutions are no longer viable. This demonstration presents a implementation of the hierarchical Policy-based Authority Evaluation Protocol (PAES) that allows the devolution of authority over policy evaluations in a disconnected crisis area. The demonstration simulates the movements of rescuers in the area and the creation of opportunistic connections when they meet. These connections are then used for cross-evaluation of authority and distribution of cryptographic keys in addition to transmitting the data. PAES guarantees a correct policy evaluation at each encounter, so only authorised rescuers finally obtain the authority to access the disseminated data. © 2010 IEEE.
Gowadia V, Scalavino E, Lupu EC, et al., 2010, Secure Cross-Domain Data Sharing Architecture for Crisis Management, ACM-DRM Workshop, Publisher: ACM
The automation of policy refinement, whilst promis- ing great benefits for policy-based management, has hitherto received relatively little treatment in the literature, with few concrete approaches emerging. In this paper we present initial steps towards a framework for automated distributed policy refinement for both obligation and authorization policies. We present examples drawn from military scenarios, describe details of our formalism and methods for action decomposition, and discuss directions for future research.
Schaeffer A, Lupu EC, Sloman M, 2010, Policies to Enable Secure Dynamic Community Establishment, Network Science for Military Coalition Operations: Information Exchange and Interaction, Editors: Verma, Publisher: Information Science Reference, Pages: 121-145, ISBN: 9781615208555
Many coalition operations require the establishment of secure communities across the different networks that make up a coalition network. These communities are formed dynamically in order to achieve the goals of a specific mission, and frequently consist of mobile entities interconnected into a mobile ad-hoc network. Technologies are needed to create these communities, and manage their operations. In this chapter, the authors show how a framework for self-managed cells can be extended to provide this capability for coalition operations.
Calo S, Karat J, Lobo J, et al., 2010, Policy Technologies for Security Management in Coalition Networks, Network Science for Military Coalition Operations: Information Exchange and Interaction, Publisher: Information Science Reference, Pages: 146-173, ISBN: 978-1-61520-855-5
Corapi D, Russo A, Lupu E, 2010, INDUCTIVE LOGIC PROGRAMMING AS ABDUCTIVE SEARCH, 26th International Conference on Logic Programming (ICLP), Publisher: SCHLOSS DAGSTUHL, LEIBNIZ CENTER INFORMATICS, Pages: 54-63, ISSN: 1868-8969
Scalavino E, Gowadia V, Ball R, et al., 2010, Mobile PAES: Demonstrating Authority Devolution for Policy Evaluation in Crisis Management Scenarios, 2010 IEEE International Symposium on Policies for Distributed Systems and Networks, Publisher: IEEE
Ma J, Broda K, Russo A, et al., 2010, Distributed Abductive Reasoning with Constraints, Declarative Agent Languages and Technologies DALT-2010 Post proceedings
Ma J, Russo A, Broda K, et al., 2010, Distributed Abductive Reasoning with Constraints, 9th Conference on Autonomous Agents and Multi-Agent Systems (AAMAS10)
Bourdenas T, Sloman M, Lupu EC, 2010, Self-healing for Pervasive Computing Systems, Publisher: Springer Berlin Heidelberg, Pages: 1-25, ISSN: 0302-9743
Ma J, Russo A, Broda K, et al., 2010, Distributed abductive reasoning with constraints., Publisher: IFAAMAS, Pages: 1381-1382
Scalavino E, Gowadia V, Lupu E, 2010, A Labelling System for Derived Data Control, Data and Applications Security and Privacy (DBSEC 2010)
Scalavino E, Russello G, Ball R, et al., 2010, An Opportunistic Authority Evaluation Scheme for Data Security in Crisis Management Scenarios, 5th ACM Symposium on Information, Computer and Communications Security, Publisher: ACM, Pages: 157-168
Bourdenas T, Sloman M, Lupu EC, 2010, Self-healing for Pervasive Computing Systems, Architecting Dependable Systems VII, Editors: Lemos, Casimiro, Gacek, Publisher: Springer, Pages: 1-25
The development of small wireless sensors and smart-phones have facilitated new pervasive applications. These pervasive systems are expected to perform in a broad set of environments with different capa- bilities and resources. Application requirements may change dynamically requiring flexible adaptation. Sensing faults appear during their lifetime and as users are not expected to have technical skills, the system needs to be self-managing. We discuss the Self-Managed Cell as an architectural paradigm and describe some fundamental components to address dis- tributed management of sensing faults as well as adaptation for wireless sensor nodes.
Sloman M, Lupu EC, 2009, Engineering Policy-Based Ubiquitous Systems, The Computer Journal, ISSN: 1460-2067
Accepted for publication
Zhu Y, Keoh S, Sloman M, et al., 2009, A Lightweight Policy System for Body Sensor Networks, IEEE Transactions on Network and Service Management, Vol: 6, Pages: 137-148, ISSN: 1932-4537
Body sensor networks (BSNs) for healthcare have more stringent security and context adaptation requirements than required in large-scale sensor networks for environment monitoring. Policy-based management enables flexible adaptive behavior by supporting dynamic loading, enabling and disabling of policies without shutting down nodes. This overcomes many of the limitations of sensor operating systems, such as TinyOS, which do not support dynamic modification of code. Alterna- tive schemes for adaptation, such as network programming, have a high communication cost and suffer from operational interruption. In addition, a policy-driven approach enables fine- grained access control through specifying authorization policies. This paper presents the design, implementation and evaluation of an efficient policy system called Finger which enables policy interpretation and enforcement on distributed sensors to support sensor level adaptation and fine-grained access control. It features support for dynamic management of policies, minimization of resources usage, high responsiveness and node autonomy. The policy system is integrated as a TinyOS component, exposing simple, well-defined interfaces which can easily be used by application developers. The system performance in terms of processing latency and resource usage is evaluated.
Schaeffer Filho A, Lupu E, Sloman M, et al., 2009, Verification of Policy-based Self-Managed Cell Interactions Using Alloy, IEEE International Symposium on Policies for Distributed Systems and Networks (Policy), Publisher: IEEE, Pages: 37-40
Self-Managed Cells (SMCs) define an infrastructure for building ubiquitous computing applications. An SMC consists of an autonomous administrative domain based on a policy-driven feedback control-loop. SMCs are able to interact with each other and compose with other SMCs to form larger autonomous components. In this paper we present a formal specification of an SMC's behaviour for the analysis and verification of its operation in collaborations of SMCs. These collaborations typically involve SMCs originated from different administrative authorities, and the definition of a formal model has helped us to verify the correctness of their operation when SMCs are composed or federated.
Schaeffer Filho A, Lupu E, Sloman M, et al., 2009, Verification of Policy-based Self-Managed Cell Interactions Using Alloy
Self-Managed Cells (SMCs) define an infrastructure for building ubiquitous computing applications. An SMC consists of an autonomous administrative domain based on a policy-driven feedback control-loop. SMCs are able to interact with each other and compose with other SMCs to form larger autonomous components. In this paper we present a formal specification of an SMC's behaviour for the analysis and verification of its operation in collaborations of SMCs. These collaborations typically involve SMCs originated from different administrative authorities, and the definition of a formal model has helped us to verify the correctness of their operation when SMCs are composed or federated. The formal specification also enables a better characterisation of the integrity constraints that must be preserved during SMC operation.
Zhu Y, Sloman M, Lupu EC, et al., 2009, Vesta: A Secure and Autonomic System for Pervasive Healthcare, 3rd International Conference on Pervasive Computing Technologies for Healthcare (Pervasive Health 09), Publisher: ICST, Pages: 1-8
The proliferation of low-power wireless communications and handheld devices has facilitated the development of pervasive systems for healthcare applications. This paper describes a body sensor network comprising a personal controller, various biosensors and actuators for pervasive healthcare. Various physiological parameters such as heart rate or blood oxygen level can be continuously monitored. The growing complexity of such systems, however, poses challenges for system management and security. In this paper we present a secure autonomic body sensor network called Vesta which makes use of the extensible architecture pattern of a self managed cell (SMC). A policy-driven management paradigm supports adaptability to contextual changes by applying event-condition-action rules. Fine-grained access control of the system is realized through authorization policies. Experimental evaluation shows that it is viable and practical for real-world pervasive healthcare.
This data is extracted from the Web of Science and reproduced under a licence from Thomson Reuters. You may not copy or re-distribute this data in whole or in part without the written consent of the Science business of Thomson Reuters.