Access Control Policies for Semantic Networks
Related papers
Applying the semantic Web layers to access control
14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings., 2003
The Semantic Web, also known as the Web of meaning, is considered the new generation of the Web. Its objective is to enable computers and people to work in cooperation. A requisite for this is encoding data in forms that make web contents (meaning, semantics) more understandable by algorithmic means. In this paper, we present the application of Semantic Web concepts and technologies to the access control area. The Semantic Access Control Model (SAC) uses different layers of metadata to take advantage of the semantics of the different components relevant for the access decision. We have developed a practical application of this access control model based on a specific language, denominated Semantic Policy Language (SPL), for the description of access criteria. This work demonstrates how the semantic web concepts and its layers infrastructure may play an important role in many relevant fields, such as the case of access control and authorization fields.
An Access Control Model for Linked Data
Lecture Notes in Computer Science, 2011
Linked Open Data refers to a set of best practices for the publication and interlinking of structured data on the Web in order to create a global interconnected data space called Web of Data. To ensure the resources featured in a dataset are richly described and, at the same time, protected against malicious users, we need to specify the conditions under which a dataset is accessible. Being able to specify access terms should also encourage data providers to publish their data. We introduce a lightweight vocabulary, called Social Semantic SPARQL Security for Access Control Ontology (S4AC), allowing the definition of fine-grained access control policies formalized in SPARQL, and enforced when querying Linked Data. In particular, we define an access control model providing the users with means to define policies for restricting the access to specific RDF data, based on social tags, and contextual information.
Social Semantic Network-Based Access Control
Lecture Notes in Social Networks, 2013
Social networks are the basis of the so-called Web 2.0, raising many new challenges to the research community. In particular, the ability of these networks to allow the users to share their own personal information with other people opens new issues concerning privacy and access control. Nowadays the Web has further evolved into the Social Semantic Web where social networks are integrated and enhanced by the use of semantic conceptual models, e.g., the ontologies, where the social information and links among the users become semantic information and links. In this paper, we discuss which are the benefits of introducing semantics in social network-based access control. In particular, we analyze and detail two approaches to manage the access rights of the social network users relying on Semantic Web languages only, and we highlight, thanks to these two proposals, what are pros and cons of introducing semantics in social networks access control. Finally, we report on the other existing approaches coupling semantics and access control in the context of social networks.
SecurOntology: A semantic web access control framework
Computer Standards & Interfaces, 2011
Security and privacy are key concerns on the Internet. Policies representing resource access based on knowledge-oriented descriptions have gained momentum with the emergence of semantic technologies. Traditional access control frameworks were syntactic and error prone, lacking the necessary expressivity and efficiency of a solution where soundness and completeness of the underlying logics in access control descriptions could be critical to harness their potential. In this paper, SecurOntology is presented. SecurOntology encompasses a three-fold strategy: an ontology for access control, a logical declarative framework and a software architecture as a proof-of-concept of the advantages of this solution.
Access Control via Lightweight Ontologies
2011
The paper presents Relation Based Access Control (RelBAC), a model and a logic for access control which models communities, possibly nested, and resources, possibly organized inside complex file systems, as lightweight ontologies, and permissions as relations between subjects and objects. RelBAC allows us to represent expressive access control rules beyond the current state of the art, and to deal with the strong dynamics of subjects, objects and permissions which arise in Web 2.0 applications (e.g. social networks). Finally, as shown in the paper, using RelBAC, it becomes possible to reason about access control policies and, in particular to compute candidate permissions by matching subject ontologies (representing their interests) with resource ontologies (describing their characteristics).
Ontology-Based Access Rights Management
Studies in Computational Intelligence, 2012
In this paper we propose an approach to manage access rights in a content management system which relies on semantic web models and technologies. We present the AMO ontology which consists (1) in a set of classes and properties dedicated to the annotation of resources whose access should be controlled and (2) in a base of inference rules modeling the access management strategy to carry out. When applied to the annotations of the resources whose access should be controlled, these rules enable to manage access according to a given strategy. This modelisation is flexible, extendable and ensures the adaptability of the AMO ontology to any access management strategy. We illustrate the use of AMO on the documents of a collaborative website managed by the semantic wiki SweetWiki in the ANR ISICIL project. We show how to annotate documents with AMO, we explain which AMO inference rules can be applied and which semantic queries finally enable to control access to SweetWiki documents.
Controlling Access to RDF Graphs
Lecture Notes in Computer Science, 2010
One of the current barriers towards realizing the huge potential of Future Internet is the protection of sensitive information, i.e., the ability to selectively expose (or hide) information to (from) users depending on their access privileges. Given that RDF has established itself as the de facto standard for data representation over the Web, our work focuses on controlling access to RDF data. We present a high-level access control specification language that allows fine-grained specification of access control permissions (at triple level) and formally define its semantics. We adopt an annotation-based enforcement model, where a user can explicitly associate data items with annotations specifying whether the item is accessible or not. In addition, we discuss the implementation of our framework, propose a set of dimensions that should be considered when defining a benchmark to evaluate the different access control enforcement models and present the results of our experiments conducted on different Semantic Web platforms.
Personalizable Ontology Based Access Control
Gazi University Journal of …, 2010
The main idea of Semantic Web is creating web pages which are also understood by machines and using ontologies to unify data. Improving a secure Semantic Web is one of the main works in Semantic Web research area. For this purpose, policies are used. Policy is a set of rules and provides an access control mechanism for a resource without making any change in that resource. Policy management in Semantic Web is used to define rules for accessing a resource and to provide users to interpret and comply with these rules. One of the key features to develop successful personalized Semantic Web applications is to build user profiles. In this paper, we developed an Ontology-Based Access Control (OBAC) model. This model represents domain and profile information semantically and has a profile based policy approach in order to achieve a personalized policy management for Semantic Web. We store personal information in profiles and model this information semantically to make it part of access control model. Thus, we created two kinds of policies: domain and profile based policies. We implemented an Ontology-Based Access Control application which creates, modifies, and deletes policy ontologies. Policy conflicts are also resolved to provide fine-grained policies in OBAC model. The main contributions of this work are: defining semantically rich resource and entity policies for an Ontology-Based Access Control mechanism and making use of these policies in terms of the personalization scope.
Osnac: An ontology-based access control model for social networking systems
2010
As the information flowing around in social networking systems is mainly related or can be attributed to their users, controlling access to such information by individual users becomes a natural requirement. The intricate semantic relations among data objects, different users, and between data objects and users further add to the complexity of access control needs. In this paper, we propose an access control model based on Semantic Web technologies that takes into account the above mentioned complex relations. The proposed model enables expressing much more fine-grained access control policies on a social network knowledge base than the few existing models. We demonstrate the applicability of our approach by implementing a proof-of-concept prototype of the proposed access control framework.
Relation Based Access Control: Logic and Policies
2010
The Web 2.0, GRID applications and more recently semantic desktop applications are bringing the Web to a situation where more and more data and metadata are shared and made available to large user groups. Things are further complicated by the highly unpredictable and autonomous dynamics of data, users, permissions and access control rules.