Information Technology Reference
In-Depth Information
4
Implementation of the SPR
The SPR has been developed using ConceptBase [5], a deductive object manager for
knowledge management. ConceptBase supports O-Telos, a knowledge representation
language [6], [7]. The decision to use a knowledge representation language for devel-
oping SPR was based on the fact that O-Telos:
−
Allows for the definition of a common conceptual model that forms the basis for
expressing different security policies in a well-structured way. Thus, it allows for
harmonization of policy representation without restricting the diversification of
policies.
−
Supports the representation and maintenance of both, guidelines expressed as natu-
ral language statements, and formal rules. The latter are represented in the SPR as
well-formed formulas in first order logic, utilizing the deductive mechanism pro-
vided by ConceptBase.
−
Supports hierarchies of concepts through a generalization/specialization mecha-
nism. Thus, rules expressed in abstract terms (e.g. agent, role, etc.) apply directly
to derivative concrete objects (e.g. Security Officer X).
−
Supports temporal knowledge, so it is possible to keep record of all modifications.
4.1
Features of O-Telos
A knowledge base in O-Telos consists of propositions, which are statements repre-
senting beliefs. Propositions are of two kinds: individuals and attributes. Individuals
are intended to represent entities, while attributes represent binary relationships be-
tween entities or other relationships.
A proposition is defined as a quadruple with the following components: “from”,
“label”, “to” and “when”. For example, the proposition
p:[Bob, job, security officer,
16 March 2000]
is interpreted as “from(p) = Bob”, “label(p) = job”, “to(p) = security
officer” and “when(p) = 20 March 2003”.
Propositions in O-Telos are organized by utilizing three conceptual tools, namely:
aggregation, classification and generalization
. Collecting attributes that have a com-
mon proposition as a source performs aggregation, thus providing support to build
structured objects. As an example, consider the following O-Telos declaration that
introduces a token named Bob with attributes having as source the individual Bob.
TELL Bob IN EmployeeClass
WITH
job: 'security officer';
address : 'Patission 76';
city : Athens
END
Classification requires each proposition being an instance of one or more generic
propositions or classes. Classes are themselves propositions and therefore instances of
other more abstract classes. Generally, propositions are classified into tokens (propo-
sitions having no instances and intended to represent concrete entities in the domain
of discourse), simple classes (propositions having only tokens as instances), meta-
classes (having only simple classes as instances), meta-metaclasses, and so on.
