Semantic description and verification of security policy based on ontology

  • Security of Information System
Wuhan University Journal of Natural Sciences

Abstract

To address the limited semantic description scope and verification capability of existing security policies, a semantic description method for security policy based on ontology is presented. By defining the basic elements of the security policy, a relationship model between the ontology and the concepts of security policy, based on the Web Ontology Language (OWL), is established so as to construct a semantic description framework for the security policy. Through modeling and reasoning in Protégé, an ontology model of authorization policy is proposed, and first-order predicate description logic is introduced for the analysis and verification of the model. Results show that the ontology-based semantic description of security policy has better flexibility and practicality.

Author information

Corresponding author

Correspondence to Chenghua Tang.

Additional information

Foundation item: Supported by the National Natural Science Foundation of China (61462020, 61363006, 61163057), the Guangxi Experiment Center of Information Science Foundation (20130329) and the Guangxi Natural Science Foundation (2014GXNSFAA118375)

Biography: TANG Chenghua, male, Ph.D., research direction: information security, data mining, and security policy analysis.

Cite this article

Tang, C., Wang, L., Tang, S. et al. Semantic description and verification of security policy based on ontology. Wuhan Univ. J. Nat. Sci. 19, 385–392 (2014). https://doi.org/10.1007/s11859-014-1029-x
