Abstract

The move towards supporting more autonomous systems, where decisions are made without direct user intervention, and more complex operating scenarios, where services from multiple organisations form temporary ties to solve particular problems, creates new security challenges. This paper argues that the answers should combine the use of conventional se-curity solutions, such as cryptographic mechanisms, with the ability to reason about security at the semantic level, using appropriate descriptions of security policies and the required tasks. Such reasoning can enable software entities aiming to interact to determine whether their respective security re-quirements and capabilities will allow them to proceed. Fur-thermore, it can support the enforcement of security policies based on the context of the interactions. We motivate the need for such reasoning about security through an example and dis-cuss a set of requirements to support the implementation of a specialised security device, termed a Semantic Firewall.