An Ontological Template for Context Expressions in Attribute-based Access Control Policies

Simeon Veloudis, Iraklis Paraskakis, Chris Petsos, Yiannis Verginadis, Ioannis Patiniotakis, Gregoris Mentzas

Abstract

By taking up the cloud computing paradigm, enterprises are able to realise significant cost savings whilst increasing their agility and productivity. However, due to security concerns, many enterprises are reluctant to migrate their critical data and operations to the cloud. One way to alleviate these concerns is to devise suitable policies that infuse adequate access controls into cloud services. However, the dynamicity inherent in cloud environments, coupled with the heterogeneous nature of cloud services, hinders the formulation of effective and interoperable access control policies that are suitable for the underlying domain of application. To this end, this work proposes an ontological template for the semantic representation of context expressions in access control policies. This template is underpinned by a suitable set of interrelated concepts that generically capture a wide range of contextual knowledge that must be considered during the evaluation of policies.



Paper Citation


in Harvard Style

Veloudis S., Paraskakis I., Petsos C., Verginadis Y., Patiniotakis I. and Mentzas G. (2017). An Ontological Template for Context Expressions in Attribute-based Access Control Policies. In Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-243-1, pages 151-162. DOI: 10.5220/0006301501510162


in Bibtex Style

@conference{closer17,
author={Simeon Veloudis and Iraklis Paraskakis and Chris Petsos and Yiannis Verginadis and Ioannis Patiniotakis and Gregoris Mentzas},
title={An Ontological Template for Context Expressions in Attribute-based Access Control Policies},
booktitle={Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2017},
pages={151-162},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006301501510162},
isbn={978-989-758-243-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 7th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - An Ontological Template for Context Expressions in Attribute-based Access Control Policies
SN - 978-989-758-243-1
AU - Veloudis S.
AU - Paraskakis I.
AU - Petsos C.
AU - Verginadis Y.
AU - Patiniotakis I.
AU - Mentzas G.
PY - 2017
SP - 151
EP - 162
DO - 10.5220/0006301501510162