SEMANTICS-BASED ACCESS CONTROL - Ontologies and Feasibility Study of Policy Enforcement Function

Anton Naumenko

2007

Abstract

The current Web evolves to the Web 2.0 that is an intermediate step towards Semantic Web. Conventional security measures fall short to serve both, emerging technologies and innovative web-based information systems. The paper presents our research and development results towards adoption Semantic Web standards for the creation of unified view on the access control area that enables flexible, collaborative and distributed management of access control based on semantic relations amongst relating concepts. The integration of Semantic Web and access control disciplines leads to the elaboration of new more intelligent, flexible and reusable access control mechanisms and tools. The paper has practical orientation, evaluating research results and ideas with the development and testing of the prototype for the enforcement of access control policies based on the ontologies.

References

  1. Berners-Lee, T., Hendler, J., and Lassila, O., 2001. The Semantic Web. Scientific American, Vol. 284, No. 5, pp. 34-43.
  2. Gruber, T., 1993. A translation approach to portable ontologies. Knowledge Acquisition, 5(2): 199-220.
  3. McGuinness, D., and Harmelen, F., (eds.). 2004. OWL Web Ontology Language Overview. W3C Recommendation, http://www.w3.org/TR/owlfeatures/
  4. Moses, T., (ed.). 2005. eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard.
  5. Nadalin, A., Kaler, C., Monzillo, R., Hallam-Baker, P., (eds.). 2006. Web Services Security: SOAP Message Security 1.1 (WS-Security 2004). OASIS Standard.
  6. Naumenko A., Nikitin S., Terziyan V., Zharko A., 2005. Strategic Industrial Alliances in Paper Industry: XMLvs. Ontology-Based Integration Platforms, The Learning Organization, Special Issue on: Semantic and Social Aspects of Learning in Organizations, Emerald Publishers, Vol. 12, No. 5, pp. 492-514.
  7. Naumenko A., Katasonov A., Terziyan V., 2007. A Security Framework for Smart Ubiquitous Industrial Resources, J.P. Müller and K. Mertins (Eds.), In Proc. of the 3rd Int. Conf.. on Interoperability for Enterprise Software and Applications, 13 pp. (In press).
  8. Naumenko, A. and Luostarinen, K., 2006. Access Control Policies in (Semantic) Service-Oriented Architecture, Schaffert S. and Sure Y. (Eds.), In Semantic Systems From Visions to Applications, Proc. of the SEMANTICS 2006, Austrian Computer Society, Vienna, Austria, pages 49-62.
  9. Naumenko, A., 2006. Contextual rules-based access control model with trust, Shoniregan C. and Logvynovskiy A. (Eds.), In Proc. of the Int. Conference for Internet Technology and Secured Transactions, e-Centre for Infonomics, London, UK, ISBN 0-9546628-2-2, pages 68-75.
  10. O'Reilly T., 2005. What Is Web 2.0 Design Patterns and Business Models for the Next Generation of Software, http://www.oreillynet.com/pub/a/oreilly/tim/news/200 5/09/30/what-is-web-20.html.
  11. Patel-Schneider, P., Hayes, P., and Horrocks, I., (eds.). 2004. OWL Web Ontology Language Semantics and Abstract Syntax. W3C Recommendation, http://www.w3.org/TR/owl-absyn/
  12. Prud'hommeaux, E., and Seaborne, A. (eds.). 2006. SPARQL Query Language for RDF. W3C Candidate Recommendation, http://www.w3.org/TR/rdf-sparqlquery/
  13. Qin, L. and Atluri, V., 2003. Concept-level access control for the Semantic Web. In Proc. of the 2003 ACM Workshop on XML Security XMLSEC 7803. ACM Press, New York, NY, 94-103.
  14. Tonti, G., Bradshaw, J., Jeffers, R., Montanari, R., Suri, R., and Uszok, A., 2003. Semantic web languages for policy representation and reasoning: A comparison of KAoS, Rei, and Ponder. In Proc. of the Int. Semantic Web Conference, pp. 419--437.
  15. Wang, X., Lao, G., DeMartini, T., Reddy, H., Nguyen, M., and Valenzuela, E., 2002. XrML -- eXtensible rights Markup Language. In Proc. of the ACM Workshop on XML Security. XMLSEC 7802. ACM Press, New York, NY, pp. 71-79.
  16. Yagüe, M., Gallardo, M., and Maña, A., 2005. Semantic Access Control Model: A Formal Specification, In Lecture Notes in Computer Science, Springer, Volume 3679, pp. 24-43,
  17. Yagüe, M., Maña, A., López, J., and Troya, J., 2003. Applying the Semantic Web Layers to Access Control. In Proc. of the Int. Workshop on Web Semantics, IEEE Computer Society Press, pages 47-63.
  18. Yergeau, F., Bray, T., Paoli, J., Sperberg-McQueen, C., and Maler, E., 2004. Extensible Markup Language (XML) 1.0 (Third Edition). W3C Recommendation, http://www.w3.org/TR/2004/REC-xml-20040204/
Download


Paper Citation


in Harvard Style

Naumenko A. (2007). SEMANTICS-BASED ACCESS CONTROL - Ontologies and Feasibility Study of Policy Enforcement Function . In Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-972-8865-77-1, pages 150-155. DOI: 10.5220/0001265601500155


in Bibtex Style

@conference{webist07,
author={Anton Naumenko},
title={SEMANTICS-BASED ACCESS CONTROL - Ontologies and Feasibility Study of Policy Enforcement Function},
booktitle={Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2007},
pages={150-155},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001265601500155},
isbn={978-972-8865-77-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - SEMANTICS-BASED ACCESS CONTROL - Ontologies and Feasibility Study of Policy Enforcement Function
SN - 978-972-8865-77-1
AU - Naumenko A.
PY - 2007
SP - 150
EP - 155
DO - 10.5220/0001265601500155