Abstract
This paper presents a rule-based, domain-specific language for modeling access control policies that is particularly suitable for managing security in the semantic web, since (i) it allows one to evaluate authorization requests according to semantic information retrieved from remote knowledge bases; and (ii) it supports semantic-based policy composition, delegation and closure via flexible operators that security administrators can define in a purely declarative way with little effort. The operational engine of the language smoothly integrates description logic into standard term rewriting, supporting reasoning capabilities that are particularly useful in this context, since they allow one to naturally combine and reuse data extracted from multiple knowledge bases. Such a rewrite engine can be used to evaluate authorization requests w.r.t. a policy specification as well as to formally check properties of the security domain to be protected. The language we propose has been implemented in a prototype system written in Haskell. Some case studies have been analyzed to highlight the potential of our approach.
This work has been partially supported by the Italian MUR under grant RBIN04M8S8, FIRB project, Internationalization 2004.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Baggi, M., Ballis, D., Falaschi, M. (2011). An Access Control Language Based on Term Rewriting and Description Logic. In: Mariño, J. (eds) Functional and Constraint Logic Programming. WFLP 2010. Lecture Notes in Computer Science, vol 6559. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20775-4_4
DOI: https://doi.org/10.1007/978-3-642-20775-4_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20774-7
Online ISBN: 978-3-642-20775-4
eBook Packages: Computer Science (R0)