Title :
Dynamic Policy Enforcement Using Restriction Set Theoretic Expressions (RSTE)
Author :
Shah, Shreyas Y. ; Szymanski, Boleslaw K.
Author_Institution :
Dept. of Comput. Sci. & Network Sci. & Technol. Center (NeST), Rensselaer Polytech. Inst. (RPI), Troy, NY, USA
Abstract :
Service Oriented Sensor Networks consist of various assets and host a variety of services, some of which are composed of other services. Policies are widely used for regulating access to assets and services, especially when these assets are owned by different parties in a coalition environment. In this paper, we present a novel mechanism for policy implementation to provide or restrict access to resources using policies. We present "Restriction Set Theoretic Expressions (RSTE)" to represent assets and policies in the form of sets at system level; therefore, RSTE is independent of the high-level representation of policies and assets. High-level representations of network assets and policies can be easily translated to semantically defined RSTE sets, and then different RSTE operations are applied to restrict or release access to resources. RSTE defines sets and operations that can be performed on the sets to implement policies. We describe the semantics of RSTE sets and operations for assets in service configuration in WSNs and show how the services and policies can be represented as sets. We then leverage the capabilities of relational databases by representing sets as tables and applying policies as set operations executed as SQL queries. Operations performed on the database tables yield restricted sets of policy-enforced services. Such services can then be provided to the user or used by service configuration to compose complex services. If service composition cannot be performed due to policy restrictions, the restricting conditions are reported to the user through the presentation layer for policy negotiation and relaxation.
Keywords :
SQL; military computing; relational databases; service-oriented architecture; set theory; RSTE; SQL queries; WSN; dynamic policy enforcement; policy negotiation; relational database; restriction set theoretic expression; service configuration; service oriented sensor network; Geospatial analysis; Government; Natural languages; Relational databases; Semantics; Policies; Sensor Networks; Service Composition; Service Configuration; Service-Oriented Architecture;
Conference_Title :
Military Communications Conference (MILCOM), 2014 IEEE
Conference_Location :
Baltimore, MD
DOI :
10.1109/MILCOM.2014.38