Concept-level access control for the Semantic Web

Recently, the notion of the Semantic Web has been introduced to define a machine-interpretable web targeted for automation, integration and reuse of data across different applications. Under the Semantic Web, web pages are annotated by concepts that are formally defined in ontologies along with the relationships among them. As information pertaining to different concepts has varying access control requirements, in this paper, we propose an access control model for the Semantic Web that is capable of specifying authorizations over concepts defined in ontologies and enforcing them upon data instances annotated by the concepts. It is important to note that semantic relationships among concepts play a key role in making access control decisions. This is because, based on the relationship, one may infer information contained in one concept node from that of the other. Therefore, we first identify the important domain-independent relationships among concepts, categorize them and propose propagation policies based on these categories of relationships. In particular, we allow propagation of authorizations based on the semantic relationships among concepts to prevent illegal inferences. We then show how concept-level security policies can be represented in an OWL-based access control language. Finally, we demonstrate how users' requests can be handled under our access control model. Our concept-level model is especially suitable for the specification and administration of access control over semantically related web data under the Semantic Web even if they conform to different DTDs or use different tag names.
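The following sketch is an added illustration, not code or policy rules from the paper: it shows an authorization on one concept being propagated across semantic relationships and then enforced on instances that carry different tag names. The toy ontology, the subject `clerk`, the two relationship kinds used (`equivalentClass`, `subClassOf`), the propagation rule and the denial-takes-precedence conflict resolution are all assumptions chosen for the example; the paper's own relationship categories and propagation policies are not reproduced here.

```python
from collections import deque

# Constructed toy ontology: (source concept, relationship, target concept).
ONTOLOGY = [
    ("Compensation", "equivalentClass", "Salary"),
    ("Bonus", "subClassOf", "Salary"),
    ("Salary", "subClassOf", "EmployeeRecord"),
    ("OfficePhone", "subClassOf", "EmployeeRecord"),
]

# Concept-level authorizations (constructed): (subject, concept) -> effect.
POLICY = {("clerk", "Salary"): "deny", ("clerk", "EmployeeRecord"): "permit"}

# Constructed data instances: (document, tag name, annotating concept).
INSTANCES = [
    ("hr.xml", "salary", "Salary"),
    ("payroll.xml", "pay", "Compensation"),
    ("payroll.xml", "bonus", "Bonus"),
    ("hr.xml", "phone", "OfficePhone"),
]

def covering(concept):
    """Concepts whose authorizations propagate to `concept` (assumed rule):
    the concept itself, its equivalents, and all superclasses, transitively."""
    seen, queue = {concept}, deque([concept])
    while queue:
        cur = queue.popleft()
        for src, rel, dst in ONTOLOGY:
            if src == cur:                      # follow up to superclass / equivalent
                nxt = dst
            elif dst == cur and rel == "equivalentClass":
                nxt = src                       # equivalence is symmetric
            else:
                continue
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def decide(subject, concept):
    """Denial takes precedence; no applicable authorization means deny."""
    effects = {POLICY.get((subject, c)) for c in covering(concept)}
    if "deny" in effects:
        return "deny"
    return "permit" if "permit" in effects else "deny"

def visible(subject):
    """Enforce the concept-level policy on the annotated instances."""
    return [(doc, tag) for doc, tag, c in INSTANCES if decide(subject, c) == "permit"]
```

Without propagation, the `pay` and `bonus` elements would be released under the broad `EmployeeRecord` permit and would disclose what the `Salary` denial was meant to protect.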
