Knowledge sharing in virtual enterprises via an ontology-based access control approach

Collaborating throughout a product life cycle via virtual enterprise (VE) is one of the most promising strategies for enhancing global competitiveness. Efficient and secure knowledge sharing is critical to the success of a VE. This study presents a novel approach, model and technology for knowledge access control and sharing across enterprises. First, this study proposes an ontology-based knowledge sharing model and a multiple-layer knowledge representation framework on which a knowledge access control model for knowledge sharing in a VE is proposed. In the proposed model, user authorizations permitting access to knowledge in a VE are classified into two levels: (1) basic privileges and (2) extended privileges. The former is evaluated from four dimensions, i.e. who, what, when and where, while the latter is determined by considering how three domain ontologies, i.e., product, organization and activity, are related. This study then develops a knowledge access control policy (KACP) language model which is used to identify the knowledge access control and sharing rules of a VE and all its enterprise members. The knowledge access control model proposed in this study can facilitate VE Knowledge management and sharing across enterprises, enhance knowledge sharing security and flexibility and regulate knowledge sharing to expeditiously reflect changes in the business environment.

[1]  Thomas H. Davenport,et al.  Book review:Working knowledge: How organizations manage what they know. Thomas H. Davenport and Laurence Prusak. Harvard Business School Press, 1998. $29.95US. ISBN 0‐87584‐655‐6 , 1998 .

[2]  Michiharu Kudo,et al.  XML document security based on provisional authorization , 2000, CCS.

[3]  Ken Moody,et al.  Meta-policies for distributed role-based access control systems , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[4]  Jean Bacon,et al.  A model of OASIS role-based access control and its support for active security , 2002, ACM Trans. Inf. Syst. Secur..

[5]  Alexander Borgida,et al.  Description Logics in Data Management , 1995, IEEE Trans. Knowl. Data Eng..

[6]  Dennis G. Kafura,et al.  An XACML-based policy management and authorization service for globus resources , 2003, Proceedings. First Latin American Web Congress.

[7]  Nicola Guarino,et al.  Formal ontology, conceptual analysis and knowledge representation , 1995, Int. J. Hum. Comput. Stud..

[8]  Rahul Singh,et al.  Semantic information assurance for secure distributed knowledge management: a business process perspective , 2006, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[9]  Peter J. Stuckey,et al.  Flexible access control policy specification with constraint logic programming , 2003, TSEC.

[10]  Zhu Honghui,et al.  Research of knowledge chain in intelligent control , 2003, IEEE International Conference on Robotics, Intelligent Systems and Signal Processing, 2003. Proceedings. 2003.

[11]  Thomas R. Gruber,et al.  A Translation Approach to Portable Ontologies , 1993 .

[12]  J. B. Quinn,et al.  Managing professional intellect: making the most of the best. , 1996, Harvard business review.

[13]  Yuh-Min Chen,et al.  Development of an access control model, system architecture and approaches for resource sharing in virtual enterprise , 2007, Comput. Ind..

[14]  Nasir D. Memon,et al.  Special issue on secure knowledge management , 2007, Inf. Syst. Frontiers.

[15]  Elisa Bertino,et al.  Secure knowledge management: confidentiality, trust, and privacy , 2006, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[16]  Seog Park,et al.  Task-role-based access control model , 2003, Inf. Syst..

[17]  Yuh-Min Chen,et al.  Secure resource sharing on cross-organization collaboration using a novel trust method , 2007 .

[18]  Jan H. P. Eloff,et al.  Virtual enterprise access control requirements , 2003 .

[19]  Simon Buckingham Shum,et al.  Knowledge Representation with Ontologies: The Present and Future , 2004, IEEE Intell. Syst..

[20]  Thomas R. Gruber,et al.  A translation approach to portable ontology specifications , 1993, Knowl. Acquis..

[21]  Luigi V. Mancini,et al.  Graph Transformations for the Specification of Access Control Policies , 2001, Electron. Notes Theor. Comput. Sci..

[22]  Michael Uschold,et al.  Ontologies: principles, methods and applications , 1996, The Knowledge Engineering Review.

[23]  I. Nonaka,et al.  How Japanese Companies Create the Dynamics of Innovation , 1995 .

[24]  S. J. Upadhyaya,et al.  Part 1: Special Issue on Secure Knowledge Management , 2006 .

[25]  Ravi S. Sandhu,et al.  The RRA97 model for role-based administration of role hierarchies , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[26]  Michael J. Shaw,et al.  Information infrastructure for electronic virtual organization management , 1998, Decis. Support Syst..

[27]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[28]  Karl Fürst,et al.  Managing Access in Extended Enterprise Networks , 2002, IEEE Internet Comput..

[29]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[30]  Paula Kotzé,et al.  Proceedings of the 2002 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology , 2002 .