Using OWL Reasoning for Evaluating XACML Policies

We present an approach for evaluating XACML policies using OWL technologies and DL reasoning. We explain how policies can be mapped to an OWL axiomatization and how answers to access requests can be generated with standard DL reasoning tools, all within a complete XACML-compliant framework. Our model provides a substratum for policies whose expressivity cannot be captured by existing XACML engines. Furthermore, advanced Access Control functionalities, such as Policy Harmonization and Policy Explanation, can be implemented using the present model.
