A Semantic-Aware Attribute-Based Access Control Model for Web Services

  • Conference paper
Algorithms and Architectures for Parallel Processing (ICA3PP 2009)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5574)

Abstract

Web services are a new service-oriented computing paradigm that poses unique security challenges due to its inherent heterogeneity, multi-domain character and highly dynamic nature. A key challenge in Web services security is the design of effective access control schemes. Attribute-based access control (ABAC) is more appropriate than some other access control mechanisms, but it does not fully exploit the semantic power and reasoning capabilities of emerging web applications. This paper therefore presents a semantic-aware attribute-based access control model (SABAC) that addresses these issues by combining ABAC with Semantic Web technologies. SABAC grants access to services based on attributes of the related entities, and uses the Shibboleth service to address the disclosure of sensitive attributes. In addition, SABAC uses the Web Ontology Language (OWL) standard to represent the ontology of the resources and users, and uses the eXtensible Access Control Markup Language (XACML) as the policy language. It can provide an administratively scalable alternative to identity-based authorization methods and provide semantic interoperability for access control to Web services. Moreover, SABAC separates ontology management from access management.

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shen, H. (2009). A Semantic-Aware Attribute-Based Access Control Model for Web Services. In: Hua, A., Chang, SL. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2009. Lecture Notes in Computer Science, vol 5574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03095-6_65

  • DOI: https://doi.org/10.1007/978-3-642-03095-6_65

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03094-9

  • Online ISBN: 978-3-642-03095-6

  • eBook Packages: Computer Science, Computer Science (R0)