Context Ontology for Secure Interoperability

During interoperability exchanges, organizations are jointly conducting computation and sharing tasks. However, organizations can have different security policies. To guarantee good interoperability exchanges, organizations need to share with other participants information about the services they provide. In addition, to be compliant with security requirements during interoperability, security policies have to be dynamic. One purpose of this paper is to provide this dynamic behavior by taking care about context of access parameters. The context-aware security requirements may be met by using a contextual access control model to define the security policy of each party involved in the interaction, and OrBAC (Organization based Access Control) is an adequate model for this purpose. Elaborating an ontology based security model provides a mean to ensure sharing of understandable knowledge, in particular knowledge needed to derive the authorized accesses and usages during the interoperability sessions. In this paper, we thus suggest a context ontology to be combined with an ontological representation of the OrBAC model and show how it can be used to ease the security rules definition and derivation during interoperability sessions.

[1]  Erhard Rahm,et al.  COMA - A System for Flexible Combination of Schema Matching Approaches , 2002, VLDB.

[2]  Pedro M. Domingos,et al.  Learning to match ontologies on the Semantic Web , 2003, The VLDB Journal.

[3]  James B. D. Joshi,et al.  LoT-RBAC: A Location and Time-Based RBAC Model , 2005, WISE.

[4]  Nora Cuppens-Boulahia,et al.  O2O: Virtual Private Organizations to Manage Security Policy Interoperability , 2006, ICISS.

[5]  Nora Cuppens-Boulahia,et al.  High Level Conflict Management Strategies in Advanced Access Control Models , 2007, ICS@SYNASC.

[6]  Elisa Bertino,et al.  TRBAC: a temporal role-based access control model , 2000, RBAC '00.

[7]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[8]  Horst F. Wedde,et al.  Role-based access control in ambient and remote space , 2004, SACMAT '04.

[9]  Jeffrey M. Bradshaw,et al.  KAoS policy management for semantic Web services , 2004, IEEE Intelligent Systems.

[10]  Deborah L. McGuinness,et al.  OWL Web ontology language overview , 2004 .

[11]  Nora Cuppens-Boulahia,et al.  Nomad: a security model with non atomic actions and deadlines , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[12]  Chang-Tien Lu,et al.  Geography Markup Language (GML) , 2008, Encyclopedia of GIS.

[13]  Elisa Bertino,et al.  X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control , 2005, TSEC.

[14]  Lalana Kagal,et al.  Policy-based Access Control for Task Computing Using Rei , 2005 .

[15]  Elisa Bertino,et al.  GEO-RBAC: a spatially aware RBAC , 2005, SACMAT '05.

[16]  Frédéric Cuppens,et al.  Modelling contexts in the Or-BAC model , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[17]  Erhard Rahm,et al.  Generic Schema Matching with Cupid , 2001, VLDB.

[18]  Frédéric Cuppens,et al.  Organization based access control , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.