Log content extraction engine based on ontology for the purpose of a posteriori access control

In some complex information systems, users are not subject to access control at the moment they act. Instead, whenever a user performs an action, the target system logs it. Based on these log files, a security control called a posteriori access control is performed afterwards. The logged data may be recorded in different formats (Syslog, W3C extended log, domain-specific log standards such as IHE-ATNA, etc.). An a posteriori security control framework therefore requires a log filtering engine that extracts the useful information regardless of the log format used. In this paper, we define and enforce this extraction function by building an ontology model of logs. This log ontology is queried to check the compliance of the actions performed by the users of the considered system with its access control policy (violations, anomalies, fulfillments, etc.). We show how the a posteriori security controls are made effective and how security decisions are made easier thanks to this extraction function.
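To make the extraction-then-query idea concrete, here is an added example (not code from the paper or its authors): two constructed log formats, a Syslog-style line and a W3C extended log, are mapped onto one small shared ontology of triples (hasSubject, hasRole, hasAction, hasObject, hasObjectClass), and that triple store is then queried a posteriori against an assumed role-based policy to list the violating events. The role directory, the policy and the HTTP-method-to-action mapping are assumptions for the sake of the example.

```python
import re

# Constructed sample logs in two formats (assumed values, not from the paper).
SYSLOG = [
    "Mar 12 10:01:02 ehr-app access: user=alice role=nurse action=read object=record/42",
    "Mar 12 10:05:17 ehr-app access: user=bob role=clerk action=read object=record/42",
]
W3C = [
    "#Fields: date time cs-username cs-method cs-uri-stem",
    "2024-03-12 10:07:00 carol GET /record/7",
    "2024-03-12 10:09:30 bob POST /record/7",
]
# Assumed directory: W3C logs carry no role, so the ontology resolves it here.
ROLES = {"alice": "nurse", "bob": "clerk", "carol": "physician"}
# Assumed policy: permitted (role, action, object class) combinations.
POLICY = {("nurse", "read", "record"), ("physician", "read", "record"),
          ("physician", "write", "record")}
# Assumed mapping from HTTP methods to ontology-level actions.
HTTP_ACTION = {"GET": "read", "POST": "write", "PUT": "write", "DELETE": "write"}

def extract_triples(lines, fmt):
    """Map format-specific fields onto the shared ontology predicates.
    Returns a set of (event, predicate, value) triples; event ids are fmt:line."""
    triples, fields = set(), []
    for n, line in enumerate(lines):
        if fmt == "syslog":
            kv = dict(re.findall(r"(\w+)=(\S+)", line))
            subj, role, act, obj = kv["user"], kv["role"], kv["action"], kv["object"]
        elif fmt == "w3c":
            if line.startswith("#"):            # "#Fields:" header names the columns
                fields = line.split()[1:]
                continue
            rec = dict(zip(fields, line.split()))
            subj, act = rec["cs-username"], HTTP_ACTION[rec["cs-method"]]
            obj, role = rec["cs-uri-stem"].lstrip("/"), ROLES[rec["cs-username"]]
        else:
            raise ValueError(f"unsupported log format: {fmt}")
        ev = f"{fmt}:{n}"
        triples |= {(ev, "hasSubject", subj), (ev, "hasRole", role),
                    (ev, "hasAction", act), (ev, "hasObject", obj),
                    (ev, "hasObjectClass", obj.split("/")[0])}
    return triples

def find_violations(triples):
    """Query the ontology a posteriori: an event whose (role, action, object
    class) is not permitted by POLICY is a violation. Returns sorted event ids."""
    by_event = {}
    for ev, pred, val in triples:
        by_event.setdefault(ev, {})[pred] = val
    return sorted(ev for ev, a in by_event.items()
                  if (a["hasRole"], a["hasAction"], a["hasObjectClass"]) not in POLICY)
```

Because both formats land in the same triple store, the compliance query in `find_violations` never needs to know which log format an event came from.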
