Skip to main content
SpringerLink
Log in

Leveraging Ontologies upon a Holistic Privacy-Aware Access Control Model

  • Conference paper
  • First Online:
Foundations and Practice of Security (FPS 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8352))

Included in the following conference series:

Abstract

Access control is a crucial concept in both ICT security and privacy, providing for the protection of system resources and personal data. The increasing complexity of nowadays systems has led to a vast family of solutions fostering comprehensive access control models, with the ability to capture a variety of parameters and to incorporate them in the decision making process. However, existing approaches are characterised by limitations regarding expressiveness. We present an approach that aims at overcoming such limitations. It is fully based on ontologies and grounded on a rich in semantics information model. The result is a privacy-aware solution that takes into consideration a variety of aspects and parameters, including attributes, context, dependencies between actions and entities participating therein, as well as separation and binding of duty constraints.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Naturally, the information model may vary depending on the application domain; still, several concepts (e.g., organisational roles, operations, data types, etc.) are pervasive and are the focus of the following.

  2. 2.

    In Web Services terms, Operation Containers correspond to a service interface, whereas Operation Instances represent the associated operations [40].

  3. 3.

    Inverse properties are explicitly defined for all object properties in the ontology, in order to ease navigation from one ontological element to another.

References

  1. Abi Haidar, D., Cuppens-Boulahia, N., Cuppens, F., Debar, H.: An extended RBAC profile of XACML. In: Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS ’06, pp. 13–22. ACM, New York (2006)

    Google Scholar 

  2. Abou-El-Kalam, A., Baida, R.E., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miège, A., Saurel, C., Trouessin, G.: Organization based access control. In: 4th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy’03), lake Come, Italy, June 2003, pp. 120–131 (2013)

    Google Scholar 

  3. Antonakopoulou, A., Lioudakis, G.V., Gogoulos, F., Kaklamani, D.I., Venieris, I.S.: Leveraging access control for privacy protection: a survey. In: Yee, G. (ed.) Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards, pp. 65–94. IGI Global, Hershey (2012)

    Google Scholar 

  4. Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, SP ’07, pp. 321–324. IEEE Computer Society, Washington (2007)

    Chapter  Google Scholar 

  5. Botha, R.A., Eloff, J.H.P.: Separation of duties for access control enforcement in workflow environments. IBM Syst. J. 40(3), 666–682 (2001)

    Article  Google Scholar 

  6. Carminati, B., Ferrari, E., Heatherly, R., Kantarcioglu, M., Thuraisingham, B.: A semantic web based framework for social network access control. In: SACMAT ’09: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 177–186. ACM (2009)

    Google Scholar 

  7. Casassa Mont, M.: Dealing with privacy obligations: important aspects and technical approaches. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 120–131. Springer, Heidelberg (2004)

    Google Scholar 

  8. Cruz, I.F., Gjomemo, R., Lin, B., Orsini, M.: A constraint and attribute based security framework for dynamic role assignment in collaborative environments. In: Bertino, E., Joshi, J.B.D. (eds.) CollaborateCom 2008. LNICST, vol. 10, pp. 322–339. Springer, Heidelberg (2009)

    Google Scholar 

  9. Cuppens, F., Cuppens-Boulahia, N.: Modeling contextual security policies. Int. J. Inf. Secur. 7(4), 285–305 (2008)

    Article  Google Scholar 

  10. Data Protection Commissioner of Ireland: data protection guidelines on Research in the Health Sector (2007)

    Google Scholar 

  11. DEMONS (DEcentralized, cooperative, and privacy-preserving MONitoring for trustworthinesS) EU FP7 project. http://fp7-demons.eu/

  12. Elahi, N., Chowdhury, M., Noll, J.: Semantic access control in web based communities. In: ICCGI 2008: Proceedings of the Third International Multi-Conference on Computing in the Global Information Technology, pp. 131–136. IEEE Computer Society, August 2008

    Google Scholar 

  13. European Parliament and Council: Directive 95/46/EC of the European Parliament and of the Council of 24 october 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official J. Eur. Communities L 281, 31–50, (1995)

    Google Scholar 

  14. Ferrini, R., Bertino, E.: Supporting rbac with xacml+owl. In: SACMAT ’09: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 145–154. ACM (2009)

    Google Scholar 

  15. Finin, T.W., Joshi, A., Kagal, L., Niu, J., Sandhu, R.S., Winsborough, W.H., Thuraisingham, B.M.: R OWLBAC: representing role based access control in OWL. In: SACMAT ’08: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies. ACM (2008)

    Google Scholar 

  16. Gutwirth, S., De Hert, P., Poullet, Y.: Reinventing Data Protection?. Springer, Berlin (2009)

    Book  Google Scholar 

  17. Gutwirth, S., De Hert, P., Poullet, Y.: European Data Protection: Coming of Age. Springer, Berlin (2013)

    Book  Google Scholar 

  18. He, Z., Huang, K., Wu, L., Li, H., Lai, H.: Using semantic web techniques to implement access control for web service. In: Zhu, R., Zhang, Y., Liu, B., Liu, C. (eds.) ICICA 2010. CCIS, vol. 105, pp. 258–266. Springer, Heidelberg (2010)

    Google Scholar 

  19. Hilty, M., Basin, D., Pretschner, A.: On obligations. In: di Vimercati, S.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 98–117. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  20. Ching Hsu, I.: Extensible access control markup language integrated with semantic web technologies. Inf. Sci. 238, 33–51 (2013)

    Article  Google Scholar 

  21. Joshi, J.B.D., Shafiq, B., Ghafoor, A., Bertino, E.: Dependencies and separation of duty constraints in GTRBAC. In: SACMAT ’03: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies. ACM (2003)

    Google Scholar 

  22. Kapitsaki, G.M., Lioudakis, G.V., Kaklamani, D.I., Venieris, I.S.: Privacy protection in context-aware web services: challenges and solutions. In: Quan, Z., Sheng, M., Yu, J., Dustdar, S. (eds.) Enabling Context-Aware Web Services: Methods, Architectures, and Technologies, pp. 393–420. Chapman and Hall/CRC, London (2010)

    Chapter  Google Scholar 

  23. Koukovini, M.N., Papagiannakopoulou, E.I., Lioudakis, G.V., Kaklamani, D.I., Venieris, I.S.: A workflow checking approach for inherent privacy awareness in network monitoring. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM 2011 and SETOP 2011. LNCS, vol. 7122, pp. 295–302. Springer, Heidelberg (2012)

    Google Scholar 

  24. Lioudakis, G.V., Gaudino, F., Boschi, E., Bianchi, G., Kaklamani, D.I., Venieris, I.S.: Legislation-aware privacy protection in passive network monitoring. In: Portela, I.M., Cruz-Cunha, M.M. (eds.) Information Communication Technology Law, Protection and Access Rights: Global Approaches and Issues, Chap. 22, pp. 363–383. IGI Global, Hershey (2010)

    Chapter  Google Scholar 

  25. Masoumzadeh, A., Joshi, J.: OSNAC: an ontology-based access control model for social networking systems. In: Proceedings of the 2010 IEEE Second International Conference on Social Computing, SOCIALCOM ’10, pp. 751–759. IEEE Computer Society, Washington (2010)

    Chapter  Google Scholar 

  26. Mitra, P., Pan, C.C., Liu, P., Atluri, V.: Privacy-preserving semantic interoperation and access control of heterogeneous databases. In: ASIACCS ’06: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pp. 66–77. ACM (2006)

    Google Scholar 

  27. Organization for the Advancement of Structured Information Standards (OASIS): eXtensible Access Control Markup Language (XACML) Version 2.0. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf (February 2005), OASIS Standard

  28. Pan, C.C., Mitra, P., Liu, P.: Semantic access control for information interoperation. In: SACMAT ’06: Proceedings of the 11th ACM Symposium on Access Control Models and Technologies, pp. 237–246. ACM, New York (2006)

    Google Scholar 

  29. Papagiannakopoulou, E.I., Koukovini, M.N., Lioudakis, G.V., Garcia-Alfaro, J., Kaklamani, D.I., Venieris, I.S.: A contextual privacy-aware access control model for network monitoring workflows: work in progress. In: Garcia-Alfaro, J., Lafourcade, P. (eds.) FPS 2011. LNCS, vol. 6888, pp. 208–217. Springer, Heidelberg (2012)

    Google Scholar 

  30. Papagiannakopoulou, E.I., Koukovini, M.N., Lioudakis, G.V., Garcia-Alfaro, J., Kaklamani, D.I., Venieris, I.S., Cuppens, F., Cuppens-Boulahia, N.: A privacy-aware access control model for distributed network monitoring. Comput. Electr. Eng. 35(5), 1579–1597 (2012)

    Google Scholar 

  31. Preda, S., Cuppens, F., Cuppens-Boulahia, N., Garcia-Alfaro, J., Toutain, L.: Dynamic deployment of context-aware access control policies for constrained security devices. J. Syst. Softw. 84, 1144–1159 (2011)

    Article  Google Scholar 

  32. Priebe, T., Dobmeier, W., Kamprath, N.: Supporting attribute-based access control with ontologies. In: ARES 2006: Proceedings of the the First International Conference on Availability, Reliability and Security, pp. 465–472. IEEE Computer Society (2006)

    Google Scholar 

  33. Ravari, A., Amini, M., Jalili, R., Jafarian, J.: A history based semantic aware access control model using logical time. In: 11th International Conference on Computer and Information Technology, ICCIT 2008, pp. 43–50, December 2008

    Google Scholar 

  34. Rota, A., Short, S., Rahaman, M.A.: Xml secure views using semantic access control. In: Proceedings of the 2010 EDBT/ICDT Workshops, EDBT ’10, pp. 5:1–5:10. ACM, New York (2010)

    Google Scholar 

  35. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  36. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)

    Article  Google Scholar 

  37. Solove, D.J.: A brief history of information privacy law. In: Wolf, C. (ed.) Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age, Chap. 1, pp. 1–46. Practising Law Institute, New York (2006)

    Google Scholar 

  38. Sun, Y., Pan, P., Leung, H.-F., Shi, B.: Ontology based hybrid access control for automatic interoperation. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds.) ATC 2007. LNCS, vol. 4610, pp. 323–332. Springer, Heidelberg (2007)

    Google Scholar 

  39. The World Wide Web Consortium (W3C): OWL Web Ontology Language Overview, February 2004, W3C Recommendation

    Google Scholar 

  40. The World Wide Web Consortium (W3C): Web Services Description Language (WSDL) Version 2.0, June 2007, W3C Standard

    Google Scholar 

  41. Tonti, G., Bradshaw, J.M., Jeffers, R., Montanari, R., Suri, N., Uszok, A.: Semantic web languages for policy representation and reasoning: a comparison of KAoS, Rei, and Ponder. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol. 2870, pp. 419–437. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  42. Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: ICWS ’05: Proceedings of the IEEE International Conference on Web Services (2005)

    Google Scholar 

Download references

Acknowledgment

The research of M.N. Koukovini is co-financed by the European Union (European Social Fund — ESF) and Greek national funds through the Operational Program “Education and Lifelong Learning” of the National Strategic Reference Framework (NSRF) — Research Funding Program: Heracleitus II. Investing in knowledge society through the European Social Fund. This research was also supported by the European Commission, in the frame of the FP7 DEMONS project.

Author information

Authors and Affiliations

  1. School of Electrical and Computer Engineering, National Technical University of Athens, Heroon Polytechniou 9, 15773, Athens, Greece

    Eugenia I. Papagiannakopoulou, Maria N. Koukovini, Georgios V. Lioudakis, Dimitra I. Kaklamani & Iakovos S. Venieris

  2. SingularLogic S.A., Al. Panagouli & Siniosoglou, 14234, Nea Ionia, Greece

    Nikolaos Dellas

  3. Institut Mines-Telecom, Telecom SudParis, CNRS Samovar UMR 5157, Evry, France

    Joaquin Garcia-Alfaro

  4. Institut Mines-Telecom, Telecom Bretagne, CS 17607, 35576, Cesson-Sévigné, France

    Nora Cuppens-Boulahia & Frédéric Cuppens

Authors
  1. Eugenia I. Papagiannakopoulou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Maria N. Koukovini
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Georgios V. Lioudakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nikolaos Dellas
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Joaquin Garcia-Alfaro
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Dimitra I. Kaklamani
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Iakovos S. Venieris
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Nora Cuppens-Boulahia
    View author publications

    You can also search for this author in PubMed Google Scholar

  9. Frédéric Cuppens
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Eugenia I. Papagiannakopoulou .

Editor information

Editors and Affiliations

  1. Dept. Commun. & Electronique, Télécom ParisTech, Paris, France

    Jean Luc Danger

  2. Concordia Institute for Information Syst Concordia University Research Chair Tier, Concordia University, Montreal, Québec, Canada

    Mourad Debbabi

  3. École des Mines, Nancy, France

    Jean-Yves Marion

  4. RST Department, Rm A105-2, Télécom SudParis, Evry, France

    Joaquin Garcia-Alfaro

  5. Dalhousie University, Halifax, Nova Scotia, Canada

    Nur Zincir Heywood

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Papagiannakopoulou, E.I. et al. (2014). Leveraging Ontologies upon a Holistic Privacy-Aware Access Control Model. In: Danger, J., Debbabi, M., Marion, JY., Garcia-Alfaro, J., Zincir Heywood, N. (eds) Foundations and Practice of Security. FPS 2013. Lecture Notes in Computer Science(), vol 8352. Springer, Cham. https://doi.org/10.1007/978-3-319-05302-8_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-05302-8_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-05301-1

  • Online ISBN: 978-3-319-05302-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation