150 likes | 158 Views
This paper presents a distributed tabling algorithm for policy systems, addressing the problem of loops in policy evaluation in a distributed setting. The algorithm handles both public and private policies, and generates proofs of evaluation. It has been implemented and tested, and future work includes improving communication efficiency, reducing information leakage, and researching local termination algorithms.
E N D
A Distributed Tabling Algorithmfor Rule Based Policy Systems Miguel Alves, Carlos Damasio, Wolfgang Nejdl, Daniel Olmedilla IEEE Policy, June 4-6, 2006
Motivation ScenarioOnline Sharing Pictures Bob: Is Tom a friend of Bob? Bob: Is Tom a friend of Alice? Bob: Check local friend list Bob: Is Tom a friend of Frank? Alice: Is Tom a friend of Alice? Frank: Is Tom a friend of Frank? Alice: Is Tom a friend of Bob? Alice: Is Tom a friend of Frank? Frank: Is Tom a friend of Alice? Frank: Is Tom a friend of Bob? Frank: Check local friend list Alice: Check local friend list Policy 2006
Problem StatementCIA Agents I show you my CIA badge If you show me yours first I show you my CIA badge If you show me yours first • [ Li, Du,BonehWinsborough, Seamons, Jones. Oblivious Signature-Based Envelope DARPA ACM Symposium on Principles of Distributed Computing, 2003] Policy 2006
Problem StatementLoop Detection • From a declarative specification point of view • Loops may easily occur • Policies are complex and large in number • Typically, they are not under the control of a single person • Loops are not errors • However, if not handled correctly • They may end up in non-terminating evaluation Policy 2006
Problem StatementExisting Validation & Verification Techniques • Locally (on own policies) • Policy specification • Static checking • Tabling • Model checking • Etc. • They do not apply in a distributed setting because • Too large number of potential policies • Policies at other entities may be private • Policies are dynamic • Applicable policies are known only at runtime Policy 2006
SLD ResolutionDefinition • GoalG = ( L1, … , Lk , … , Lm ) • ClauseC = ( A :- M1 , … , Mn ) • ResolventG’ = ( L1, … , Lk-1 , M1 , … , Mn , Lk-1 , … , Lm ) θ • θ = mgu (Lk , A) Policy 2006
TablingDefinition • Technique for goal-oriented evaluation of logic programs by storing computed answers in tables (a.k.a. tabulation) • Each new sub-goal is tabled, and its answers stored in that table • Resolution returns the answers of the table • Repeated answers are not propagated Policy 2006
TablingExample • friendOf(X,bob).friendOf (X,Y) :- friendOf (Y,X).friendOf (X,alice). friendOf(X,alice) □ friendOf(alice,X) {bob/X} {alice/X} □ □ friendOf(X,alice) □ friendOf(X,alice) friendOf(X,alice) Reuse answer Reuse answer friendOf(alice,X) friendOf(alice,bob) friendOf(alice,alice) Policy 2006
Distributed TablingElements • Peer Prover • Perform the logical operations on goals • Send a request to peer client for each new sub-goal selected and wait for the answers • Able to produce the proof of an answer • Peer Client • Keep the tables and answers for goal calls • Goal Manager • Interfaces a community with the outside world • One per community • Major function is to detect termination Policy 2006
Distributed TablingExample of Running Architecture Policy 2006
Distributed TablingSecurity & Privacy • Sharing dependencies during evaluation makes tabling easier • It brings privacy concerns • Sharing dependencies may discover partnerships and the policies themselves • Two kind of predicates: • Public: can be queried and included in the proof • Private: cannot be queried and must remain hidden • Two kinds of calls: • Authorization call (call for evaluation) • Proof (explanation of the evaluation) Policy 2006
Distributed TablingMessages Interaction Policy 2006
Distributed TablingExample Policy 2006
Distributed TablingTermination Detection • Crucial to detect • In order to inform the requester there are no more answers (or request failed) • Needed for Negation as Failure • Allow to free resources used during evaluation • Global Termination • Detect when all goals are finished • No need to share dependencies among peers • Local Termination • Detect when each goal is finished • Need to share dependencies • Privacy problems • It allows to have NAF Policy 2006
Conclusions & Further Work • A distributed tabling algorithm is presented • Detects loops • Without increasing the complexity of the system (PTIME) • Handles public and private policies and proof generation • Implemented and tested • Further work • Reduce communication among peers • Better management of information • Reduce risk of information leakage • Research on local termination algorithms • Taking privacy into account • In order to allow NAF Policy 2006