Access control for semantic data federations in industrial product-lifecycle management

Information integration across company borders is becoming increasingly important for the success of product lifecycle management in industry and in complex supply chains. Semantic technologies are about to play a crucial role in this integration process. However, cross-company data exchange requires mechanisms for defining and enforcing fine-grained access control, so that confidential data does not leak across company borders to unauthorized parties. Currently available semantic repositories are not sufficiently equipped to satisfy this important requirement. This paper presents an infrastructure for the controlled sharing of semantic data between cooperating business partners. First, we motivate the need for access control in semantic data federations with a case study from the industrial service sector. Second, we present an architecture for controlling access to semantic repositories that is based on our newly developed SemForce security service. Finally, we show the practical feasibility of this architecture through an implementation and several performance experiments.
