Fast semantic Attribute-Role-Based Access Control (ARBAC) in a collaborative environment

This paper is an early report of our continuing effort to provide a platform-independent framework in which information originators and security administrators can specify access rights to information consistently and completely, and in which this specification is then rigorously enforced. To accomplish this objective, it is necessary to link a security policy model to a policy language with sufficient expressive power to ensure logical consistency. For the purposes of this research, we are using a modified Attribute-Role-Based Access Control (ARBAC) security model and the Web Ontology Language (OWL), with additional rules in a logic programming framework, to express access policy, going beyond the limitations of previous attempts in this vein. In addition, we are developing a mechanism based on knowledge compilation techniques that allows access policy constraint checking to be implemented in real time, via a bit-vector encoding that can be used for rapid run-time reasoning.
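To make the bit-vector idea concrete, here is an added example, not code or an encoding taken from the paper: it assumes a transitive-closure encoding (one bit per role, OR-ed with the bits of its ancestors), so that role subsumption and attribute checks at run time reduce to bitwise AND. The role names, attribute names and function names are constructed for illustration.

```python
from graphlib import TopologicalSorter

# Constructed sample hierarchy: role -> the more general roles it specialises.
ROLE_PARENTS = {
    "employee": [],
    "analyst": ["employee"],
    "engineer": ["employee"],
    "senior_analyst": ["analyst"],
    "program_lead": ["senior_analyst", "engineer"],  # multiple inheritance
}
# Constructed sample attributes, one bit each.
ATTR_BIT = {name: 1 << i for i, name in enumerate(["us_person", "cleared", "project_x"])}


def compile_roles(parents):
    """Offline (compile-time) step: own bit OR-ed with every ancestor's code."""
    codes = {}
    # static_order() yields a role only after all of its parents.
    for i, role in enumerate(TopologicalSorter(parents).static_order()):
        code = 1 << i
        for parent in parents[role]:
            code |= codes[parent]
        codes[role] = code
    return codes


ROLE_CODE = compile_roles(ROLE_PARENTS)


def subsumes(general, specific):
    """True if `specific` is `general` or one of its descendants."""
    g = ROLE_CODE[general]
    return (ROLE_CODE[specific] & g) == g


def mask(names, table, strict):
    """OR the codes of `names`; unknown names raise if strict, else grant nothing."""
    m = 0
    for n in names:
        m |= table[n] if strict else table.get(n, 0)
    return m


def permitted(user_roles, user_attrs, required_role, required_attrs):
    """Run-time check: two AND/compare operations, no graph traversal."""
    held = mask(user_roles, ROLE_CODE, strict=False)      # unknown role: no bits
    need_role = ROLE_CODE[required_role]                  # unknown policy role: error
    have = mask(user_attrs, ATTR_BIT, strict=False)
    need_attr = mask(required_attrs, ATTR_BIT, strict=True)
    return (held & need_role) == need_role and (have & need_attr) == need_attr
```

Unknown roles or attributes presented by a user contribute no bits and therefore never grant access, while an unknown name in the policy itself raises `KeyError` so that a misconfigured rule is caught rather than silently matched.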

[36] Leo Obrst, et al. Fast semantic Attribute-Role-Based Access Control (ARBAC) in a collaborative environment, 2012, COLLABORATECOM 2012.
