A SWRL Bridge to XACML for Clouds Privacy Compliant Policies

Hanene Boussi Rahmouni, Marco Casassa Mont, Kamran Munir, Tony Solomonides

2014

Abstract

The management of privacy and personal information within multi-cultural domains such as clouds and other universal collaborative systems requires intrinsic compliance-checking and assurance modules in order to increase social trust and acceptance. In medical domains, which are our main focus, this issue is particularly important due to the sensitivity of health-related data in international data protection law. The use of ontologies and semantic technologies can provide relatively easy interpretation of legislation at run time, and can allow the logging of data access events to serve for future audits. However, the enforcement of semantic web rules (SWRL rules) on complex and heterogeneous architectures is expensive and might present runtime overheads. We believe a mapping of our semantic web privacy policies to a standard access control language such as XACML would be a useful alternative. A translation to XACML would allow the integration of these policies with existing security and privacy policies being adopted in cloud environments. This paper describes a mathematical formalism for mapping SWRL (Semantic Web Rule Language) privacy rules to XACML policies and also explains the underlying implementation requirements of this formalism.

Paper Citation


in Harvard Style

Boussi Rahmouni H., Casassa Mont M., Munir K. and Solomonides T. (2014). A SWRL Bridge to XACML for Clouds Privacy Compliant Policies. In Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-019-2, pages 27-37. DOI: 10.5220/0004853900270037


in Bibtex Style

@conference{closer14,
author={Hanene Boussi Rahmouni and Marco Casassa Mont and Kamran Munir and Tony Solomonides},
title={A SWRL Bridge to XACML for Clouds Privacy Compliant Policies},
booktitle={Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER},
year={2014},
pages={27-37},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004853900270037},
isbn={978-989-758-019-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER
TI - A SWRL Bridge to XACML for Clouds Privacy Compliant Policies
SN - 978-989-758-019-2
AU - Boussi Rahmouni H.
AU - Casassa Mont M.
AU - Munir K.
AU - Solomonides T.
PY - 2014
SP - 27
EP - 37
DO - 10.5220/0004853900270037