Abstract
Access control is a crucial concept in both ICT security and privacy, providing for the protection of system resources and personal data. The increasing complexity of nowadays systems has led to a vast family of solutions fostering comprehensive access control models, with the ability to capture a variety of parameters and to incorporate them in the decision making process. However, existing approaches are characterised by limitations regarding expressiveness. We present an approach that aims at overcoming such limitations. It is fully based on ontologies and grounded on a rich in semantics information model. The result is a privacy-aware solution that takes into consideration a variety of aspects and parameters, including attributes, context, dependencies between actions and entities participating therein, as well as separation and binding of duty constraints.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Naturally, the information model may vary depending on the application domain; still, several concepts (e.g., organisational roles, operations, data types, etc.) are pervasive and are the focus of the following.
- 2.
In Web Services terms, Operation Containers correspond to a service interface, whereas Operation Instances represent the associated operations [40].
- 3.
Inverse properties are explicitly defined for all object properties in the ontology, in order to ease navigation from one ontological element to another.
References
Abi Haidar, D., Cuppens-Boulahia, N., Cuppens, F., Debar, H.: An extended RBAC profile of XACML. In: Proceedings of the 3rd ACM Workshop on Secure Web Services, SWS ’06, pp. 13–22. ACM, New York (2006)
Abou-El-Kalam, A., Baida, R.E., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miège, A., Saurel, C., Trouessin, G.: Organization based access control. In: 4th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy’03), lake Come, Italy, June 2003, pp. 120–131 (2013)
Antonakopoulou, A., Lioudakis, G.V., Gogoulos, F., Kaklamani, D.I., Venieris, I.S.: Leveraging access control for privacy protection: a survey. In: Yee, G. (ed.) Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards, pp. 65–94. IGI Global, Hershey (2012)
Bethencourt, J., Sahai, A., Waters, B.: Ciphertext-policy attribute-based encryption. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, SP ’07, pp. 321–324. IEEE Computer Society, Washington (2007)
Botha, R.A., Eloff, J.H.P.: Separation of duties for access control enforcement in workflow environments. IBM Syst. J. 40(3), 666–682 (2001)
Carminati, B., Ferrari, E., Heatherly, R., Kantarcioglu, M., Thuraisingham, B.: A semantic web based framework for social network access control. In: SACMAT ’09: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 177–186. ACM (2009)
Casassa Mont, M.: Dealing with privacy obligations: important aspects and technical approaches. In: Katsikas, S.K., López, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 120–131. Springer, Heidelberg (2004)
Cruz, I.F., Gjomemo, R., Lin, B., Orsini, M.: A constraint and attribute based security framework for dynamic role assignment in collaborative environments. In: Bertino, E., Joshi, J.B.D. (eds.) CollaborateCom 2008. LNICST, vol. 10, pp. 322–339. Springer, Heidelberg (2009)
Cuppens, F., Cuppens-Boulahia, N.: Modeling contextual security policies. Int. J. Inf. Secur. 7(4), 285–305 (2008)
Data Protection Commissioner of Ireland: data protection guidelines on Research in the Health Sector (2007)
DEMONS (DEcentralized, cooperative, and privacy-preserving MONitoring for trustworthinesS) EU FP7 project. http://fp7-demons.eu/
Elahi, N., Chowdhury, M., Noll, J.: Semantic access control in web based communities. In: ICCGI 2008: Proceedings of the Third International Multi-Conference on Computing in the Global Information Technology, pp. 131–136. IEEE Computer Society, August 2008
European Parliament and Council: Directive 95/46/EC of the European Parliament and of the Council of 24 october 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official J. Eur. Communities L 281, 31–50, (1995)
Ferrini, R., Bertino, E.: Supporting rbac with xacml+owl. In: SACMAT ’09: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 145–154. ACM (2009)
Finin, T.W., Joshi, A., Kagal, L., Niu, J., Sandhu, R.S., Winsborough, W.H., Thuraisingham, B.M.: R OWLBAC: representing role based access control in OWL. In: SACMAT ’08: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies. ACM (2008)
Gutwirth, S., De Hert, P., Poullet, Y.: Reinventing Data Protection?. Springer, Berlin (2009)
Gutwirth, S., De Hert, P., Poullet, Y.: European Data Protection: Coming of Age. Springer, Berlin (2013)
He, Z., Huang, K., Wu, L., Li, H., Lai, H.: Using semantic web techniques to implement access control for web service. In: Zhu, R., Zhang, Y., Liu, B., Liu, C. (eds.) ICICA 2010. CCIS, vol. 105, pp. 258–266. Springer, Heidelberg (2010)
Hilty, M., Basin, D., Pretschner, A.: On obligations. In: di Vimercati, S.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 98–117. Springer, Heidelberg (2005)
Ching Hsu, I.: Extensible access control markup language integrated with semantic web technologies. Inf. Sci. 238, 33–51 (2013)
Joshi, J.B.D., Shafiq, B., Ghafoor, A., Bertino, E.: Dependencies and separation of duty constraints in GTRBAC. In: SACMAT ’03: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies. ACM (2003)
Kapitsaki, G.M., Lioudakis, G.V., Kaklamani, D.I., Venieris, I.S.: Privacy protection in context-aware web services: challenges and solutions. In: Quan, Z., Sheng, M., Yu, J., Dustdar, S. (eds.) Enabling Context-Aware Web Services: Methods, Architectures, and Technologies, pp. 393–420. Chapman and Hall/CRC, London (2010)
Koukovini, M.N., Papagiannakopoulou, E.I., Lioudakis, G.V., Kaklamani, D.I., Venieris, I.S.: A workflow checking approach for inherent privacy awareness in network monitoring. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM 2011 and SETOP 2011. LNCS, vol. 7122, pp. 295–302. Springer, Heidelberg (2012)
Lioudakis, G.V., Gaudino, F., Boschi, E., Bianchi, G., Kaklamani, D.I., Venieris, I.S.: Legislation-aware privacy protection in passive network monitoring. In: Portela, I.M., Cruz-Cunha, M.M. (eds.) Information Communication Technology Law, Protection and Access Rights: Global Approaches and Issues, Chap. 22, pp. 363–383. IGI Global, Hershey (2010)
Masoumzadeh, A., Joshi, J.: OSNAC: an ontology-based access control model for social networking systems. In: Proceedings of the 2010 IEEE Second International Conference on Social Computing, SOCIALCOM ’10, pp. 751–759. IEEE Computer Society, Washington (2010)
Mitra, P., Pan, C.C., Liu, P., Atluri, V.: Privacy-preserving semantic interoperation and access control of heterogeneous databases. In: ASIACCS ’06: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pp. 66–77. ACM (2006)
Organization for the Advancement of Structured Information Standards (OASIS): eXtensible Access Control Markup Language (XACML) Version 2.0. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf (February 2005), OASIS Standard
Pan, C.C., Mitra, P., Liu, P.: Semantic access control for information interoperation. In: SACMAT ’06: Proceedings of the 11th ACM Symposium on Access Control Models and Technologies, pp. 237–246. ACM, New York (2006)
Papagiannakopoulou, E.I., Koukovini, M.N., Lioudakis, G.V., Garcia-Alfaro, J., Kaklamani, D.I., Venieris, I.S.: A contextual privacy-aware access control model for network monitoring workflows: work in progress. In: Garcia-Alfaro, J., Lafourcade, P. (eds.) FPS 2011. LNCS, vol. 6888, pp. 208–217. Springer, Heidelberg (2012)
Papagiannakopoulou, E.I., Koukovini, M.N., Lioudakis, G.V., Garcia-Alfaro, J., Kaklamani, D.I., Venieris, I.S., Cuppens, F., Cuppens-Boulahia, N.: A privacy-aware access control model for distributed network monitoring. Comput. Electr. Eng. 35(5), 1579–1597 (2012)
Preda, S., Cuppens, F., Cuppens-Boulahia, N., Garcia-Alfaro, J., Toutain, L.: Dynamic deployment of context-aware access control policies for constrained security devices. J. Syst. Softw. 84, 1144–1159 (2011)
Priebe, T., Dobmeier, W., Kamprath, N.: Supporting attribute-based access control with ontologies. In: ARES 2006: Proceedings of the the First International Conference on Availability, Reliability and Security, pp. 465–472. IEEE Computer Society (2006)
Ravari, A., Amini, M., Jalili, R., Jafarian, J.: A history based semantic aware access control model using logical time. In: 11th International Conference on Computer and Information Technology, ICCIT 2008, pp. 43–50, December 2008
Rota, A., Short, S., Rahaman, M.A.: Xml secure views using semantic access control. In: Proceedings of the 2010 EDBT/ICDT Workshops, EDBT ’10, pp. 5:1–5:10. ACM, New York (2010)
Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 457–473. Springer, Heidelberg (2005)
Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)
Solove, D.J.: A brief history of information privacy law. In: Wolf, C. (ed.) Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age, Chap. 1, pp. 1–46. Practising Law Institute, New York (2006)
Sun, Y., Pan, P., Leung, H.-F., Shi, B.: Ontology based hybrid access control for automatic interoperation. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds.) ATC 2007. LNCS, vol. 4610, pp. 323–332. Springer, Heidelberg (2007)
The World Wide Web Consortium (W3C): OWL Web Ontology Language Overview, February 2004, W3C Recommendation
The World Wide Web Consortium (W3C): Web Services Description Language (WSDL) Version 2.0, June 2007, W3C Standard
Tonti, G., Bradshaw, J.M., Jeffers, R., Montanari, R., Suri, N., Uszok, A.: Semantic web languages for policy representation and reasoning: a comparison of KAoS, Rei, and Ponder. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol. 2870, pp. 419–437. Springer, Heidelberg (2003)
Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: ICWS ’05: Proceedings of the IEEE International Conference on Web Services (2005)
Acknowledgment
The research of M.N. Koukovini is co-financed by the European Union (European Social Fund — ESF) and Greek national funds through the Operational Program “Education and Lifelong Learning” of the National Strategic Reference Framework (NSRF) — Research Funding Program: Heracleitus II. Investing in knowledge society through the European Social Fund. This research was also supported by the European Commission, in the frame of the FP7 DEMONS project.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Papagiannakopoulou, E.I. et al. (2014). Leveraging Ontologies upon a Holistic Privacy-Aware Access Control Model. In: Danger, J., Debbabi, M., Marion, JY., Garcia-Alfaro, J., Zincir Heywood, N. (eds) Foundations and Practice of Security. FPS 2013. Lecture Notes in Computer Science(), vol 8352. Springer, Cham. https://doi.org/10.1007/978-3-319-05302-8_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-05302-8_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05301-1
Online ISBN: 978-3-319-05302-8
eBook Packages: Computer ScienceComputer Science (R0)