Semantic description and verification of security policy based on ontology

To address the limited semantic description scope and verification capability of security policies, an ontology-based semantic description method for security policy is presented. By defining the basic elements of a security policy, a relationship model between the ontology and the concepts of security policy is established using the Web Ontology Language (OWL), which yields a semantic description framework for the security policy. Through modeling and reasoning in Protégé, an ontology model of authorization policy is proposed, and first-order predicate description logic is introduced to analyze and verify the model. Results show that the ontology-based semantic description of security policy has better flexibility and practicality.
