Semantic access control for information interoperation

Sharing information across different organizations is a critical problem. Security enforcement mechanisms limit database access to authorized users only. However, when databases and access control policies are syntactically and schematically heterogeneous, information interoperation becomes a crucial challenge. To allow users from multiple organizations to access databases, a better access control model is desired. In this paper, we propose Semantic Access Control, based on the popular Role-Based Access Control. Semantic Access Control provides secure access control to databases while resolving the heterogeneity among the databases. We present Semantic Access Control Enabler (SACE), a novel middleware-based system that has been designed and implemented to enable Semantic Access Control on the Web. SACE is a middleware system that requires only a few changes to the legacy systems of the organizations involved. Unlike traditional mediator technologies, we integrate heterogeneity resolution and access control into one process. We show that, despite performing ontology mappings and query and data translations, our toolkit still provides acceptable performance.
