Secure federation of semantic information services

A fundamental challenge for product-lifecycle management in collaborative value networks is to utilize the vast amount of product information available from heterogeneous sources in order to improve business analytics, decision support, and processes. This becomes even more challenging if those sources are distributed across multiple organizations. Federations of semantic information services, combining service-orientation and semantic technologies, provide a promising solution for this problem. However, without proper measures to establish information security, companies will be reluctant to join an information federation, which could lead to serious adoption barriers. Following the design science paradigm, this paper presents general objectives and a process for designing a secure federation of semantic information services. Furthermore, new as well as established security measures are discussed. Here, our contributions include an access-control enforcement system for semantic information services and a process for modeling access-control policies across organizations. In addition, a comprehensive security architecture is presented. An implementation of the architecture in the context of an application scenario and several performance experiments demonstrate the practical viability of our approach.

[1]  Sebastian Rudolph,et al.  EP-SPARQL: a unified language for event processing and stream reasoning , 2011, WWW.

[2]  Markus Aleksy,et al.  Aletheia--Improving Industrial Service Lifecycle Management by Semantic Data Federations , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[3]  William Cheswick,et al.  Firewalls and Internet Security , 1994 .

[4]  José Barata,et al.  SOA in reconfigurable supply chains: A research roadmap , 2009, Eng. Appl. Artif. Intell..

[5]  Steffen Kunz,et al.  Are you willing to wait longer for internet privacy? , 2011, ECIS.

[6]  Robbert van Renesse,et al.  COCA: a secure distributed online certification authority , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[7]  Steffen Kunz,et al.  Challenges for Access Control in Knowledge Federations , 2009, KMIS.

[8]  Hau L. Lee,et al.  Information distortion in a supply chain: the bullwhip effect , 1997 .

[9]  Douglas R. Stinson,et al.  On the Construction of Practical Key Predistribution Schemes for Distributed Sensor Networks Using Combinatorial Designs , 2008, TSEC.

[10]  Rathindra Sarathy,et al.  Secure and useful data sharing , 2006, Decis. Support Syst..

[11]  Vijayalakshmi Atluri,et al.  Role-based Access Control , 1992 .

[12]  Dennis G. Kafura,et al.  First experiences using XACML for access control in distributed systems , 2003, XMLSEC '03.

[13]  Mike P. Papazoglou,et al.  Service-oriented computing: concepts, characteristics and directions , 2003, Proceedings of the Fourth International Conference on Web Information Systems Engineering, 2003. WISE 2003..

[14]  Steffen Kunz,et al.  Engineering Policies for Secure Interorganizational Information Flow , 2011, 2011 IEEE 15th International Enterprise Distributed Object Computing Conference Workshops.

[15]  Mireia Valverde,et al.  Waiting online: a review and research agenda , 2003, Internet Res..

[16]  David L. Spooner,et al.  Sharing manufacturing information in virtual enterprises , 1996, CACM.

[17]  Alan R. Hevner,et al.  Design Science in Information Systems Research , 2004, MIS Q..

[18]  David W. Chadwick,et al.  Privacy preserving trust authorization framework using XACML , 2006, 2006 International Symposium on a World of Wireless, Mobile and Multimedia Networks(WoWMoM'06).

[19]  Fabio Massacci,et al.  A Model-Driven Approach for the Specification and Analysis of Access Control Policies , 2008, OTM Conferences.

[20]  Subhashish Samaddar,et al.  Production, Manufacturing and Logistics Inter-organizational information sharing: The role of supply network configuration and partner goal congruence , 2006 .

[21]  Niki Panteli,et al.  Trust and conflict within virtual inter-organizational alliances: a framework for facilitating knowledge sharing , 2005, Decis. Support Syst..

[22]  Farhad Ameri,et al.  Product Lifecycle Management: Closing the Knowledge Loops , 2005 .

[23]  Mukesh Singhal,et al.  Trust Management in Distributed Systems , 2007, Computer.

[24]  Andrew B. Whinston,et al.  Supply chain information sharing in a macro prediction market , 2006, Decis. Support Syst..

[25]  Alessandro Acquisti,et al.  Is There a Cost to Privacy Breaches? An Event Study , 2006, WEIS.

[26]  Peter Trkman,et al.  The impact of business analytics on supply chain performance , 2010, Decis. Support Syst..

[27]  Jan Hladik,et al.  RBAC AUTHORIZATION DECISION WITH DL REASONING , 2008 .

[28]  Sanjay Goel,et al.  Estimating the market impact of security breach announcements on firm values , 2009, Inf. Manag..

[29]  Amit Jain,et al.  Secure resource description framework: an access control model , 2006, SACMAT '06.

[30]  Samir Chatterjee,et al.  A Design Science Research Methodology for Information Systems Research , 2008 .

[31]  Andre Bolles,et al.  Streaming SPARQL - Extending SPARQL to Process Data Streams , 2008, ESWC.

[32]  William Knight Security — built-in or bolted-on to the SOA? , 2005 .

[33]  York Sure-Vetter,et al.  Ontology-Based Information Integration in the Automotive Industry , 2003, SEMWEB.

[34]  Fangruo Chen,et al.  Information Sharing and Supply Chain Coordination , 2003, Supply Chain Management.

[35]  Han Zhao,et al.  SGII: Towards Semantic Grid-Based Enterprise Information Integration , 2005, GCC.

[36]  Mark Strembeck,et al.  A scenario-driven role engineering process for functional RBAC roles , 2002, SACMAT '02.

[37]  Fiona Fui-Hoon Nah,et al.  A study on tolerable waiting time: how long are Web users willing to wait? , 2004, AMCIS.

[38]  Chinya V. Ravishankar,et al.  OM: A Tunable Framework for Optimizing Continuous Queries over Data Streams , 2006, SBBD.

[39]  Laura M. Haas,et al.  Federated Stream Processing Support for Real-Time Business Intelligence Applications , 2009, BIRTE.

[40]  Mark Strembeck Scenario-Driven Role Engineering , 2010, IEEE Security & Privacy.

[41]  Daniele Braga,et al.  C-SPARQL: SPARQL for continuous querying , 2009, WWW '09.

[42]  Robert J. Kauffman,et al.  Service-oriented technology and management: Perspectives on research and practice for the coming decade , 2008, Electron. Commer. Res. Appl..

[43]  Marit Hansen,et al.  Privacy and Identity Management , 2008, IEEE Security & Privacy.

[44]  Duminda Wijesekera,et al.  Securing Workflows with XACML, RDF and BPEL , 2008, DBSec.

[45]  D. Richard Kuhn,et al.  A role-based access control model and reference implementation within a corporate intranet , 1999, TSEC.

[46]  Ravi S. Sandhu,et al.  The NIST model for role-based access control: towards a unified standard , 2000, RBAC '00.

[47]  Fred B. Schneider,et al.  COCA: a secure distributed online certification authority , 2002 .

[48]  Phillip J. Windley Digital identity , 2005 .

[49]  Huseyin Cavusoglu,et al.  The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers , 2004, Int. J. Electron. Commer..

[50]  Binshan Lin,et al.  Accessing information sharing and information quality in supply chain management , 2006, Decis. Support Syst..

[51]  Tran Cao Son,et al.  Semantic Web Services , 2001, IEEE Intell. Syst..

[52]  Prasad A. Chodavarapu,et al.  SOA SECURITY , 2008 .

[53]  Alon Y. Halevy,et al.  Enterprise information integration: successes, challenges and controversies , 2005, SIGMOD '05.

[54]  Andreas Schaad,et al.  Deriving XACML Policies from Business Process Models , 2007, WISE Workshops.

[55]  Ernesto Damiani,et al.  Extending Policy Languages to the Semantic Web , 2004, ICWE.

[56]  Mark Strembeck,et al.  An approach to extract RBAC models from BPEL4WS processes , 2004, 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[57]  Bhavani M. Thuraisingham Building Trustworthy Semantic Webs , 2009, IRI.

[58]  David Basin,et al.  Model driven security: From UML models to access control infrastructures , 2006, TSEM.

[59]  Marshall L. Fisher,et al.  Supply Chain Inventory Management and the Value of Shared Information , 2000 .

[60]  Rafael Corchuelo,et al.  From Wrapping to Knowledge , 2007, IEEE Transactions on Knowledge and Data Engineering.

[61]  Timothy W. Finin,et al.  Policy-Based Access Control for an RDF Store , 2005, IJCAI 2007.

[62]  Nicola Henze,et al.  Enabling Advanced and Context-Dependent Access Control in RDF Stores , 2007, ISWC/ASWC.

[63]  Elisa Bertino,et al.  XACML Policy Integration Algorithms , 2008, TSEC.

[64]  Bhavani M. Thuraisingham,et al.  Standards for secure data sharing across organizations , 2007, Comput. Stand. Interfaces.

[65]  G Stix,et al.  The mice that warred. , 2001, Scientific American.

[66]  Bill Cheswick,et al.  Firewalls and internet security - repelling the wily hacker , 2003, Addison-Wesley professional computing series.

[67]  Mark Strembeck,et al.  Role-Based Access Control for Information Federations in the Industrial Service Sector , 2010, ECIS.

[68]  M. Shaw,et al.  A strategic analysis of inter organizational information sharing , 2006, Decis. Support Syst..

[69]  John Domingue,et al.  Near-Term Prospects for Semantic Technologies , 2008, IEEE Intelligent Systems.