Abstract
Web services are a new service-oriented computing paradigm that poses unique security challenges because of its inherent heterogeneity, multi-domain character and highly dynamic nature. A key challenge in Web services security is the design of effective access control schemes. Attribute-based access control (ABAC) is more appropriate than some other access control mechanisms, but it does not fully exploit the semantic power and reasoning capabilities of emerging web applications. This paper therefore presents a semantic-aware attribute-based access control model (SABAC) that addresses these issues by combining ABAC with Semantic Web technologies. SABAC grants access to services based on attributes of the related entities, and uses the Shibboleth service to address the disclosure of sensitive attributes. In addition, SABAC uses the Web Ontology Language (OWL) standard to represent the ontology of resources and users, and uses the eXtensible Access Control Markup Language (XACML) as the policy language. It provides an administratively scalable alternative to identity-based authorization methods and semantic interoperability for access control to Web services. Moreover, SABAC separates ontology management from access management.
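The attribute-matching step the abstract describes, as an added example that is not the paper's own SABAC code: plain ABAC compares attribute values literally, whereas the semantic-aware variant also accepts a value that the ontology declares a subclass of the required one, combined deny-overrides as in XACML. The class hierarchy, attribute names and policy rules are constructed for illustration.

```python
# Added example, not the paper's SABAC implementation: semantic-aware ABAC
# evaluation. The ontology, attribute names and rules are constructed.
from typing import Dict, List

# Constructed class hierarchy: child -> parent (stands in for OWL subClassOf).
ONTOLOGY = {
    "Cardiologist": "Physician",
    "Physician": "ClinicalStaff",
    "Nurse": "ClinicalStaff",
    "LabReport": "MedicalRecord",
    "DischargeSummary": "MedicalRecord",
}

def subsumes(general: str, specific: str) -> bool:
    """True if `specific` is `general` or a (transitive) subclass of it."""
    seen = set()
    while specific is not None and specific not in seen:
        if specific == general:
            return True
        seen.add(specific)
        specific = ONTOLOGY.get(specific)
    return False

def rule_matches(rule: Dict, request: Dict) -> bool:
    """Each attribute the rule requires must be present in the request and
    match semantically (exact value or a subclass), not only by equality."""
    for category in ("subject", "resource", "action"):
        for attr, required in rule.get(category, {}).items():
            actual = request.get(category, {}).get(attr)
            if actual is None or not subsumes(required, actual):
                return False
    return True

def evaluate(policy: List[Dict], request: Dict) -> str:
    """Deny-overrides combining: a matching Deny wins, otherwise a matching
    Permit; no match yields NotApplicable, which the enforcement point must
    treat as a refusal (fail closed)."""
    decision = "NotApplicable"
    for rule in policy:
        if rule_matches(rule, request):
            if rule["effect"] == "Deny":
                return "Deny"
            decision = "Permit"
    return decision

# Constructed policy: clinical staff read medical records; nurses may not read discharge summaries.
POLICY = [
    {"effect": "Permit", "subject": {"role": "ClinicalStaff"},
     "resource": {"type": "MedicalRecord"}, "action": {"id": "read"}},
    {"effect": "Deny", "subject": {"role": "Nurse"},
     "resource": {"type": "DischargeSummary"}, "action": {"id": "read"}},
]
```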
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Shen, H. (2009). A Semantic-Aware Attribute-Based Access Control Model for Web Services. In: Hua, A., Chang, SL. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2009. Lecture Notes in Computer Science, vol 5574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03095-6_65
DOI: https://doi.org/10.1007/978-3-642-03095-6_65
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03094-9
Online ISBN: 978-3-642-03095-6