
Temporal Authorization Graphs: Pros, Cons and Limits

  • Conference paper
  • Smart Objects and Technologies for Social Good (GOODTECHS 2021)

Abstract

As more private data is entering the web, defining authorization about its access is crucial for privacy protection. This paper proposes a policy language that leverages SPARQL expressiveness and popularity for flexible access control management and enforces the protection using temporal graphs. The temporal graphs are created during the authentication phase and are cached for further usage. They enable design-time policy testing and debugging, which is necessary for correctness guarantee.

Security never comes without a cost in convenience, and this paper examines the environments in which temporal graphs are suitable. Based on the evaluation results, an approximate function of the expected temporal graph size is defined to determine suitability.


Notes

  1. In this paper we will use the term requester instead of subject, since it better describes the actor that is interacting with the system.

  2. In this description the partial data filter function \(\varphi \) has superscript + or − if it is part of a policy with enforcement method \(\epsilon _+\) or \(\epsilon _-\), respectively.

  3. http://github.com/ristes/univ-datasets/ont/policy.owl.

  4. http://github.com/ristes/univ-datasets/ont/intent.owl.

  5. http://jena.apache.org.

  6. The variable names ?s, ?p and ?o are chosen for convenience; in the implementation their names are randomly generated.

  7. The term unifies the IRI and literal elements.

  8. http://github.com/ristes/univ-datasets/ont/univ.owl.

  9. http://github.com/ristes/univ-datasets.


Author information


Correspondence to Riste Stojanov.


Copyright information

© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper


Cite this paper

Stojanov, R., Popovski, O., Jovanovik, M., Zdravevski, E., Lameski, P., Trajanov, D. (2021). Temporal Authorization Graphs: Pros, Cons and Limits. In: Pires, I.M., Spinsante, S., Zdravevski, E., Lameski, P. (eds) Smart Objects and Technologies for Social Good. GOODTECHS 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 401. Springer, Cham. https://doi.org/10.1007/978-3-030-91421-9_9


  • DOI: https://doi.org/10.1007/978-3-030-91421-9_9


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91420-2

  • Online ISBN: 978-3-030-91421-9
