Securing Systems Intelligently: The Logical Approa
The quantity of generated information we store and need to access is colossal. Securing this information is becoming more important as the techniques and granularity with which it can be accessed become more advanced. Availability of information is a key component of any security system: although the information must be protected, it must also be available to the people who need it, as and when they request it. However, increasing the number of methods by which it is accessible automatically increases the chance that it may be compromised. Security systems now use advanced levels of encryption, digital signatures containing biometric data, and highly complex access control policies. We propose a security framework with an access control system that reduces the complexity involved in defining authorisation permissions, particularly in structured documents such as XML, where the user may be granted restricted access. Our solution employs techniques usually reserved for intelligent systems and the semantic web.