An OWL-based XACML Policy Framework

Fabio Marfia, Mario Arrigoni Neri, Filippo Pellegrini, Marco Colombetti

Abstract

We present an XACML policy framework implementation using OWL and reasoning technologies. Reasoning allows to easily generate policy decisions in complex environments for expressive policies, while satisfying the requirements of reliability and consistency for the framework. Furthermore, OWL ontologies represent a valid substratum for tackling advanced complex tasks, as Policy Harmonization and Explanation, with a complete rationale.

References

  1. Ardagna, C., De Capitani Di Vimercati, S., Neven, G., Paraboschi, S., Pedrini, E., Preiss, F.-S., Samarati, P., and Verdicchio, M. (2011). Advances in Access Control Policies. In Camenisch, J., Fischer-Hubner, S., and Rannenberg, K., editors, Privacy and Identity Management for Life, pages 327-341. Springer Berlin Heidelberg.
  2. Ardagna, C., De Capitani di Vimercati, S., Paraboschi, S., Pedrini, E., and Samarati, P. (2009). An XACMLBased Privacy-Centered Access Control System. In Proc. of the 1st ACM Workshop on Information Security Governance (WISG 2009), Chicago, Illinois, USA.
  3. Batsakis, S., Stravoskoufos, K., and Petrakis, E. G. M. (2011). Temporal Reasoning for Supporting Temporal Queries in OWL 2.0. In Konig, A., Dengel, A., Hinkelmann, K., Kise, K., Howlett, R. J., and Jain, L. C., editors, KES (1), volume 6881 of Lecture Notes in Computer Science, pages 558-567. Springer.
  4. DL query (2008). DL Query guide - Protégé DLQueryTab. http://protegewiki.stanford.edu/wiki/ DLQueryTab.
  5. Ferrini, R. and Bertino, E. (2009). Supporting RBAC with XACML+OWL. In Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, SACMAT 7809, pages 145-154, New York, NY, USA. ACM.
  6. Finin, T., Joshi, A., Kagal, L., Niu, J., Sandhu, R., Winsborough, W. H., and Thuraisingham, B. (2008). ROWLBAC - Representing Role Based Access Control in OWL. In Proceedings of the 13th Symposium on Access control Models and Technologies, Estes Park, Colorado, USA. ACM Press.
  7. Fornara, N. and Colombetti, M. (2010). Ontology and Time Evolution of Obligations and Prohibitions Using Semantic Web Technology. In Baldoni, M., Bentahar, J., van Riemsdijk, M., and Lloyd, J., editors, Declarative Agent Languages and Technologies VII, volume 5948 of Lecture Notes in Computer Science, pages 101-118. Springer Berlin Heidelberg.
  8. Hitzler, P., Krötzsch, M., and Rudolph, S. (2009). Foundations of Semantic Web Technologies. Chapman & Hall/CRC. Pages 226-229.
  9. Horridge, M. and Bechhofer, S. (2011). The OWL API: A Java API for OWL Ontologies. Semant. web, 2(1):11- 21.
  10. Horridge, M., Parsia, B., and Sattler, U. (2008). Laconic and precise justifications in owl. In Proceedings of the 7th International Conference on The Semantic Web, ISWC 7808, pages 323-338, Berlin, Heidelberg. Springer-Verlag.
  11. Horridge, M. and Patel-schneider, P. F. (2008). P.F.: Manchester syntax for OWL 1.1. In In: OWLED 2008, 4th international workshop OWL: Experiences and Directions (2008) Live Extraction 1223.
  12. Kolovski, V., Hendler, J., and Parsia, B. (2007). Analyzing Web Access Control Policies. In Proceedings of the 16th International Conference on World Wide Web, WWW 7807, pages 677-686, New York, NY, USA. ACM.
  13. López, F. L. Y., Luck, M., and D'Inverno, M. (2006). A Normative Framework for Agent-based Systems. Comput. Math. Organ. Theory, 12(2-3):227-250.
  14. Marfia, F. (2014). Using Abductive and Inductive Inference to Generate Policy Explanations. In Obaidat, M., Holzinger, A., and Samarati, P., editors, Proceedings of International Conference on Security and Cryptography (SECRYPT 2014). SciTePress.
  15. Mourad, A. and Jebbaoui, H. (2015). SBA-XACML: Set-based approach providing efficient policy decision process for accessing Web services. Expert Syst. Appl., 42(1):165-178.
  16. Paraboschi and Arrigoni Neri (2013). D2.4 - Policy Harmonization and Reasoning. PoSecCo WP2, Business and IT level policies.
  17. Posecco (2010). PoSecCo - Policy and Security Configuration Management. http://www.posecco.eu/.
  18. Primelife (2008). PrimeLife - Bringing sustainable privacy and identity management to future networks and services. http://primelife.ercim.eu/.
  19. Sensoy, M., Norman, T. J., Vasconcelos, W. W., and Sycara, K. (2012). OWL-POLAR: A Framework for Semantic Policy Representation and Reasoning. Web Semant., 12-13:148-160.
  20. Shearer, R., Motik, B., and Horrocks, I. (2008). Hermit: A highly-efficient owl reasoner. In Dolbear, C., Ruttenberg, A., and Sattler, U., editors, OWLED, volume 432 of CEUR Workshop Proceedings. CEUR-WS.org.
  21. Singh, M. P. (1998). An Ontology for Commitments in Multiagent Systems: Toward a Unification of Normative Concepts. Artificial Intelligence and Law, 7:97-113.
  22. Sirin, E. and Parsia, B. (2007). SPARQL-DL: SPARQL Query for OWL-DL. In In 3rd OWL Experiences and Directions Workshop (OWLED-2007.
  23. SUN XACML (2004). Sun's XACML implementation. http://sunxacml.sourceforge.net/.
  24. SWRL Rules (2004). SWRL: A Semantic Web Rule Language Combining OWL and RuleML. http://www. w3.org/Submission/SWRL/.
  25. Uszok, A. and Bradshaw, J. M. (2008). Demonstrating Selected W3C Policy Languages Interest Group Use Cases Using the KAoS Policy Services Framework. In POLICY, pages 233-234. IEEE Computer Society.
  26. XACML Combining Algorithms (2013). OASIS XACML Version 3.0 Specification, Combining algorithms. http://docs.oasis-open.org/xacml/3.0/ xacml-3.0-core-spec-cs-01-en.pdf. page 5.
  27. XACML Data-Flow model (2013). OASIS XACML Version 3.0 Specification, Data-flow model. http://docs.oasis-open.org/xacml/3.0/ xacml-3.0-core-spec-cs-01-en.pdf. pages 19-20.
  28. XACML RFC2904 (2000). RFC2904 - AAA Authorization Framework Memo. http://tools.ietf.org/ html/rfc2904.
  29. XACML Standard (2013). OASIS eXtensible Access Control Markup Language (XACML). https://www. oasis-open.org/committees/xacml/.
  30. XEngine (2008). XEngine: A Fast and Scalable XACML Policy Evaluation Engine. http://xacmlpdp. sourceforge.net/.
Download


Paper Citation


in Harvard Style

Marfia F., Arrigoni Neri M., Pellegrini F. and Colombetti M. (2015). An OWL-based XACML Policy Framework . In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 124-135. DOI: 10.5220/0005570101240135


in Bibtex Style

@conference{secrypt15,
author={Fabio Marfia and Mario Arrigoni Neri and Filippo Pellegrini and Marco Colombetti},
title={An OWL-based XACML Policy Framework},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={124-135},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005570101240135},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - An OWL-based XACML Policy Framework
SN - 978-989-758-117-5
AU - Marfia F.
AU - Arrigoni Neri M.
AU - Pellegrini F.
AU - Colombetti M.
PY - 2015
SP - 124
EP - 135
DO - 10.5220/0005570101240135