ISRI Seminar Series Announcement: Piero Bonatti, University of Napoli

Title: Policy-aware systems: Some open research issues

Monday, February 27th
Wean Hall 4625
1pm

Abstract: Today's most "interesting" systems are open to the internet, so they are vulnerable to a number of possible attacks against system security and their users' privacy. Traditional countermeasures generally conflict with usability. Trust negotiation (TN) comprises a family of new, appealing techniques for achieving a better tradeoff between (i) security and privacy protection, and (ii) simple and friendly data and service publication on computer networks. According to the current approaches, the peers involved in a transaction acquire a suitable level of trust in each other by negotiating and exchanging electronic credentials and other (digitally unsigned) information. This technique is very flexible, but there are still some open issues.

Some of them concern the expressiveness of policy languages. The most promising approaches are currently declarative and rule-based, as this is the way end users spontaneously formulate policies. However, some policies may have to react to external events (e.g. by logging the events, by sending notifications, etc.), so the declarative semantics has to be harmonized with procedural aspects. Other expressiveness issues concern "sticky" policies - attached to data by data owners - that are supposed to be enforced (and harmonized with local policies) by whatever system receives those data, either directly from the owner or indirectly through a chain of peers. In both cases, some form of active rules should be integrated in the language.

Moreover, it can be argued that no sophisticated framework for protecting security and/or privacy can reach its full potential unless end users can understand and control it. So a major open problem consists in designing effective automated explanation systems and friendly policy specification languages, possibly based on controlled fragments of natural language. The specificities of TN frameworks permit a specialized approach that may prove more effective than generic explanation approaches.

In this talk we shall give a brief overview of the above research topics as they are being tackled within the European network of excellence REWERSE (REasoning on the WEb with Rules and SEmantics).

Bio: P.A. Bonatti is a full professor at the University of Napoli "Federico II". He received his PhD in Computer Science from the University of Pisa, and has been a visiting professor at the Technical University of Vienna, an assistant professor at the University of Turin, and an associate professor at the University of Milan. His main research interests span foundational and applicative aspects of AI and Computer Security, especially in the context of open and distributed systems; he has more than 70 publications in these areas. He is currently the coordinator of the working group on "Policy language, enforcement, and composition" of the European Network of Excellence REWERSE (REasoning on the WEb with Rules and SEmantics).

If you would like to schedule an appointment with Piero Bonatti, please contact: jmlucas@cs.cmu.edu