A Role and Attribute Based Access Control System Using Semantic Web Technologies

We show how Semantic Web technologies can be used to build an access control system. We follow the role-based access control (RBAC) approach and extend it with contextual attributes. Our approach provides for the dynamic association of roles with users. A Description Logic (DL) reasoner is used to classify both users and resources, and to verify the consistency of the access control policies. We mitigate the limited expressive power of the DL formalism by refining the output of the DL reasoner with SPARQL queries. Finally, we provide a proof-of-concept implementation of the system written in Java.
