Semantic Security Policy Matching in Service Oriented Architectures

Abstract

Cloud computing poses several new security and privacy challenges, mainly related to resource sharing, interoperability and dinamicity among different providers. Although policy specification languages address some of these challenges,many issues still have to be faced with. Policy matching is today performed by way of syntactical approaches, which may limit the selection of suitable services on the one hand, and the flexibility and the dinamicity of the matching process on the other one. In this work we propose a semantic approach that,by means of semantic annotations to WS-Policy documents,allows for an improved matching of security requirements and capabilities based on their actual meaning. The proposed approach has been validated through a case study that shows how a pure syntactic-based mechanism of WS-Policy would have failed in matching two actually compatible policies.