A Role and Attribute Based Access Control System Using Semantic Web Technologies

  • Conference paper
On the Move to Meaningful Internet Systems 2007: OTM 2007 Workshops (OTM 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4806)

Abstract

We show how Semantic Web technologies can be used to build an access control system. We follow the role-based access control approach (RBAC) and extend it with contextual attributes. Our approach provides for the dynamic association of roles with users. A Description Logic (DL) reasoner is used to classify both users and resources, and verify the consistency of the access control policies. We mitigate the limited expressive power of the DL formalism by refining the output of the DL reasoner with SPARQL queries. Finally, we provide a proof-of-concept implementation of the system written in Java™.
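The abstract describes three moving parts: roles that are assigned to users dynamically from their attributes and the request context, a classification step over users and resources with a consistency check on the policy, and a refinement step that compensates for what class-based reasoning cannot express. The following Python model is an added illustration of that architecture and is not the paper's Java/DL/SPARQL implementation: role and resource classes are plain predicates standing in for DL class definitions, the refinement predicates stand in for the SPARQL queries, and all users, resources, roles and permissions are constructed sample data.

```python
"""Role-and-attribute access control evaluator (constructed illustration)."""
from __future__ import annotations
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

Attrs = Dict[str, object]

# --- Constructed sample data (not from the paper) ---------------------------
USERS: Dict[str, Attrs] = {
    "alice": {"dept": "cardiology", "title": "physician", "clearance": 3},
    "bob":   {"dept": "billing",    "title": "clerk",     "clearance": 1},
    "carol": {"dept": "cardiology", "title": "nurse",     "clearance": 2},
    "dave":  {"dept": "billing",    "title": "nurse",     "clearance": 1},
}
RESOURCES: Dict[str, Attrs] = {
    "rec-17": {"kind": "medical_record", "dept": "cardiology", "sensitivity": 3},
    "inv-88": {"kind": "invoice",        "dept": "billing",    "sensitivity": 1},
}

# A role is a class of users decided by user attributes plus request context,
# so role membership is computed at request time rather than stored statically.
ROLE_DEFS: Dict[str, Callable[[Attrs, Attrs], bool]] = {
    "Clinician": lambda u, ctx: u["title"] in {"physician", "nurse"},
    "OnDutyClinician": lambda u, ctx: (u["title"] in {"physician", "nurse"}
                                       and ctx["location"] == "hospital"
                                       and 7 <= ctx["hour"] < 19),
    "BillingStaff": lambda u, ctx: u["dept"] == "billing",
}

# Resources are classified by their attributes in the same way.
RESOURCE_CLASSES: Dict[str, Callable[[Attrs], bool]] = {
    "MedicalRecord": lambda r: r["kind"] == "medical_record",
    "Invoice": lambda r: r["kind"] == "invoice",
}

# Permissions relate a role, an action and a resource class.
PERMISSIONS: Set[Tuple[str, str, str]] = {
    ("OnDutyClinician", "read", "MedicalRecord"),
    ("BillingStaff", "read", "Invoice"),
}

# Refinements run after class matching and compare the user's and the
# resource's attribute values to each other, which class membership alone
# cannot express (the role played by the SPARQL step in the abstract).
REFINEMENTS: Dict[Tuple[str, str, str], Callable[[Attrs, Attrs, Attrs], bool]] = {
    ("OnDutyClinician", "read", "MedicalRecord"):
        lambda u, r, ctx: u["dept"] == r["dept"] and u["clearance"] >= r["sensitivity"],
}

# Static separation of duty: no user may hold both roles of a pair at once.
MUTUALLY_EXCLUSIVE: Set[FrozenSet[str]] = {frozenset({"Clinician", "BillingStaff"})}


def check_policy(permissions=PERMISSIONS, refinements=REFINEMENTS,
                 exclusive=MUTUALLY_EXCLUSIVE) -> List[str]:
    """Return a list of consistency problems; an empty list means the policy is sound."""
    problems: List[str] = []
    for role, action, rclass in sorted(permissions):
        if role not in ROLE_DEFS:
            problems.append(f"permission references unknown role {role!r}")
        if rclass not in RESOURCE_CLASSES:
            problems.append(f"permission references unknown resource class {rclass!r}")
    for key in refinements:
        if key not in permissions:
            problems.append(f"refinement {key} has no matching permission")
    for pair in exclusive:
        for role in pair:
            if role not in ROLE_DEFS:
                problems.append(f"exclusion references unknown role {role!r}")
    return problems


def active_roles(user: str, ctx: Attrs) -> Set[str]:
    """Classify the user into roles for this request and enforce separation of duty."""
    u = USERS[user]
    roles = {name for name, cond in ROLE_DEFS.items() if cond(u, ctx)}
    for pair in MUTUALLY_EXCLUSIVE:
        if pair <= roles:
            raise ValueError(f"{user} activates mutually exclusive roles {sorted(pair)}")
    return roles


def resource_classes(resource: str) -> Set[str]:
    r = RESOURCES[resource]
    return {name for name, cond in RESOURCE_CLASSES.items() if cond(r)}


def is_permitted(user: str, action: str, resource: str, ctx: Attrs) -> bool:
    """Class-based match first, then the refinement predicate if one is registered."""
    u, r = USERS[user], RESOURCES[resource]
    for role in active_roles(user, ctx):
        for rclass in resource_classes(resource):
            key = (role, action, rclass)
            if key in PERMISSIONS:
                refine = REFINEMENTS.get(key)
                if refine is None or refine(u, r, ctx):
                    return True
    return False


if __name__ == "__main__":
    day = {"location": "hospital", "hour": 10}
    night = {"location": "home", "hour": 23}
    print("policy problems:", check_policy())
    print("alice/day:", is_permitted("alice", "read", "rec-17", day))
    print("alice/night:", is_permitted("alice", "read", "rec-17", night))
    print("carol/day:", is_permitted("carol", "read", "rec-17", day))
```

The carol case is the one worth noticing: she is classified as an on-duty clinician and the record is classified as a medical record, so the class-level permission matches, but the refinement comparing her clearance against the record's sensitivity denies the request. The dave case shows the consistency check at assignment time: his attributes would place him in two mutually exclusive roles, and role activation refuses rather than silently picking one.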

Work supported in part by NSF grants IIS-0326284, IIS-0324846, IIS-0513553, IIS-0713403, and OCI-0724806.



Editor information

Robert Meersman Zahir Tari Pilar Herrero


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cirio, L., Cruz, I.F., Tamassia, R. (2007). A Role and Attribute Based Access Control System Using Semantic Web Technologies. In: Meersman, R., Tari, Z., Herrero, P. (eds) On the Move to Meaningful Internet Systems 2007: OTM 2007 Workshops. OTM 2007. Lecture Notes in Computer Science, vol 4806. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76890-6_53

  • DOI: https://doi.org/10.1007/978-3-540-76890-6_53

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-76889-0

  • Online ISBN: 978-3-540-76890-6

  • eBook Packages: Computer Science (R0)