Security on the web: a semantic-aware authorization framework for secure data sharing

This PhD dissertation proposes a Semantic-Aware Authorization Framework to address some of the problems encountered in sharing semi-structured data securely. The proposed framework ensures that authorization permissions on data are preserved even if the structure of the data changes during data exchange. The framework supports data sharing in distributed and heterogeneous environments by providing syntax-independent authorization capabilities for eXtensible Markup Language (XML), the most widely used standard for data format and exchange. Most of the security standards available for XML data security use the syntax and structure of the XML data to provide different security services. In this research work, I propose an approach that removes the dependence of security on data syntax and uses data and application semantics to secure XML documents. In particular, I have developed an access control framework for XML that expresses authorization requirements on data semantics. I define XML-to-ontology mappings to associate XML data documents with their semantics. First, I show how to map an XML data document to a corresponding ER model. Security requirements are expressed on ER conceptual models. I use these mappings to derive the security policies for the XML document from authorizations expressed on the ER model. This architecture has limitations given the distributed nature of the current web and enterprise application scenarios. Using ontologies offers several advantages over using the ER model, such as easier data model integration, relationship modeling, extensibility, and open sharing. But this entails the need for an access control model to secure RDF metadata. Hence, using semantics to secure XML data presents two requirements: (1) developing an authorization framework for metadata represented in RDF format, and (2) establishing mappings between the XML data and its semantics, represented by an RDF ontology, to propagate the RDF authorizations to the XML data.
So the proposed framework, in addition to providing a uniform access control model for XML data, also provides an authorization model for RDF ontological data. Formal properties of the proposed model such as completeness, consistency, and default policy for both RDF and mapped XML data are also developed.
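
The core idea above, authorizations stated on semantics and propagated to XML through mappings, can be illustrated with a small sketch. This is an added example, not code or notation from the dissertation: the `ex:` concept names, roles, path-based mapping format, sample documents, and the deny-by-default policy are all assumptions, and concepts are plain strings rather than an RDF graph.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the same patient record in two different XML layouts.
DOC_A = "<patient><name>Ann</name><diagnosis>flu</diagnosis></patient>"
DOC_B = ("<record><clinical><dx>flu</dx></clinical>"
         "<person><fullName>Ann</fullName></person><note>n/a</note></record>")

# Hypothetical XML-to-ontology mappings: element path -> ontology concept.
MAP_A = {"patient/name": "ex:PatientName", "patient/diagnosis": "ex:Diagnosis"}
MAP_B = {"record/person/fullName": "ex:PatientName",
         "record/clinical/dx": "ex:Diagnosis"}

# Authorizations are stated once, on concepts, never on XML paths.
POLICY = {("clerk", "ex:PatientName"),
          ("doctor", "ex:PatientName"), ("doctor", "ex:Diagnosis")}


def leaf_paths(elem, prefix=""):
    """Yield (path, element) for every leaf element of the tree."""
    path = f"{prefix}/{elem.tag}" if prefix else elem.tag
    children = list(elem)
    if not children:
        yield path, elem
    for child in children:
        yield from leaf_paths(child, path)


def authorized_view(xml_text, mapping, role):
    """Return {concept: value} for the leaves that `role` may read.

    Assumed default policy: deny. A leaf with no mapping, or whose concept
    has no authorization for the role, is withheld.
    """
    view = {}
    for path, elem in leaf_paths(ET.fromstring(xml_text)):
        concept = mapping.get(path)
        if concept is not None and (role, concept) in POLICY:
            view[concept] = elem.text
    return view


if __name__ == "__main__":
    for role in ("clerk", "doctor"):
        print(role, authorized_view(DOC_A, MAP_A, role),
              authorized_view(DOC_B, MAP_B, role))
```

Because the policy never mentions an element path, restructuring the document only requires a new mapping; the authorizations themselves stay unchanged.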