Leveraging Ontologies upon a Holistic Privacy-Aware Access Control Model

Access control is a crucial concept in both ICT security and privacy, providing for the protection of system resources and personal data. The increasing complexity of nowadays systems has led to a vast family of solutions fostering comprehensive access control models, with the ability to capture a variety of parameters and to incorporate them in the decision making process. However, existing approaches are characterised by limitations regarding expressiveness. We present an approach that aims at overcoming such limitations. It is fully based on ontologies and grounded on a rich in semantics information model. The result is a privacy-aware solution that takes into consideration a variety of aspects and parameters, including attributes, context, dependencies between actions and entities participating therein, as well as separation and binding of duty constraints.

[1]  Isabel F. Cruz,et al.  A Constraint and Attribute Based Security Framework for Dynamic Role Assignment in Collaborative Environments , 2008, CollaborateCom.

[2]  Andreas Matheus,et al.  How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML) , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[3]  M. Amini,et al.  A history based semantic aware access control model using logical time , 2008, 2008 11th International Conference on Computer and Information Technology.

[4]  Kristen J. Mathews Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age , 2011 .

[5]  Bhavani M. Thuraisingham,et al.  ROWLBAC: representing role based access control in OWL , 2008, SACMAT '08.

[6]  Fabio Ricciato,et al.  Building a decentralized, cooperative, and privacy-preserving monitoring system for trustworthiness: the approach of the EU FP7 DEMONS project [Very Large Projects] , 2011, IEEE Communications Magazine.

[7]  Dimitra I. Kaklamani,et al.  A Contextual Privacy-Aware Access Control Model for Network Monitoring Workflows: Work in Progress , 2011, FPS.

[8]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[9]  Serge Gutwirth,et al.  European Data Protection: Coming of Age , 2013, European Data Protection.

[10]  Jin Tong,et al.  Attributed based access control (ABAC) for Web services , 2005, IEEE International Conference on Web Services (ICWS'05).

[11]  Frédéric Cuppens,et al.  Organization based access control , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[12]  Elisa Bertino,et al.  Dependencies and separation of duty constraints in GTRBAC , 2003, SACMAT '03.

[13]  Alexander Pretschner,et al.  On Obligations , 2005, ESORICS.

[14]  Daniel J. Solove,et al.  A Brief History of Information Privacy Law , 2006 .

[15]  Dimitra I. Kaklamani,et al.  Privacy Protection in Context-Aware Web Services , 2010 .

[16]  Jeffrey M. Bradshaw,et al.  Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder , 2003, SEMWEB.

[17]  I-Ching Hsu,et al.  Extensible access control markup language integrated with Semantic Web technologies , 2013, Inf. Sci..

[18]  Nora Kamprath,et al.  Supporting attribute-based access control with ontologies , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[19]  Roger Brownsword Reinventing Data Protection , 2009 .

[20]  Marco Casassa Mont,et al.  Dealing with Privacy Obligations: Important Aspects and Technical Approaches , 2004, TrustBus.

[21]  Mohammad Ashiqur Rahaman,et al.  XML secure views using semantic access control , 2010, EDBT '10.

[22]  Jan H. P. Eloff,et al.  Separation of duties for access control enforcement in workflow environments , 2001, IBM Syst. J..

[23]  Nora Cuppens-Boulahia,et al.  Dynamic deployment of context-aware access control policies for constrained security devices , 2011, J. Syst. Softw..

[24]  J. Noll,et al.  Semantic Access Control in Web Based Communities , 2008, 2008 The Third International Multi-Conference on Computing in the Global Information Technology (iccgi 2008).

[25]  Dimitra I. Kaklamani,et al.  Legislation-Aware Privacy Protection in Passive Network Monitoring , 2010 .

[26]  T. J. McIntyre Reinventing data protection? , 2010, Comput. Law Secur. Rev..

[27]  Nora Cuppens-Boulahia,et al.  A privacy-aware access control model for distributed network monitoring , 2013, Comput. Electr. Eng..

[28]  Nora Cuppens-Boulahia,et al.  An extended RBAC profile of XACML , 2006, SWS '06.

[29]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[30]  Dimitra I. Kaklamani,et al.  Leveraging Access Control for Privacy Protection: A Survey , 2012 .

[31]  Ho-fung Leung,et al.  Ontology Based Hybrid Access Control for Automatic Interoperation , 2007, ATC.

[32]  Elisa Bertino,et al.  Supporting RBAC with XACML+OWL , 2009, SACMAT '09.

[33]  Peng Liu,et al.  Semantic access control for information interoperation , 2006, SACMAT '06.

[34]  Nora Cuppens-Boulahia,et al.  Modeling contextual security policies , 2008, International Journal of Information Security.

[35]  Herbert Burkert,et al.  Some Preliminary Comments on the DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. , 1996 .

[36]  Amirreza Masoumzadeh,et al.  OSNAC: An Ontology-based Access Control Model for Social Networking Systems , 2010, 2010 IEEE Second International Conference on Social Computing.

[37]  Vijayalakshmi Atluri,et al.  Privacy-preserving semantic interoperation and access control of heterogeneous databases , 2006, ASIACCS '06.

[38]  Quan Z. Sheng,et al.  Enabling Context-Aware Web Services - Methods, Architectures, and Technologies , 2010 .

[39]  Dimitra I. Kaklamani,et al.  A Workflow Checking Approach for Inherent Privacy Awareness in Network Monitoring , 2011, DPM/SETOP.

[40]  Bhavani M. Thuraisingham,et al.  A semantic web based framework for social network access control , 2009, SACMAT '09.

[41]  Zhengqiu He,et al.  Using Semantic Web Techniques to Implement Access Control for Web Service , 2010, ICICA.

[42]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).