Your browser does not support JavaScript!
http://iet.metastore.ingenta.com
1887

Multi-level authorisation model and framework for distributed semantic-aware environments

Multi-level authorisation model and framework for distributed semantic-aware environments

For access to this article, please select a purchase option:

Buy article PDF
£12.50
(plus tax if applicable)
Add to cart
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)
Add to cart

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Name:*
Email:*
Your details
Name:*
Email:*
Department:*
Why are you recommending this title?
Select reason:
 
 
 
 
 
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

© The Institution of Engineering and Technology
Published

Semantic technology is widely used in distributed computational environments to increase interoperability and machine readability of information through giving semantics to the underlying information and resources. Semantic-awareness, distribution and interoperability of new generation of distributed systems demand an authorisation model and framework that satisfies essential authorisation requirements of such environments. In this study, the authors propose an authorisation model and framework based on multi-security-domain architecture for distributed semantic-aware environments. The proposed framework is founded based on the MA(DL)2 logic, which enables policy specification and inference (based on the defined semantic relationships) in both conceptual and ground (individual) levels. Also, it enables authorities to have cooperative security management in their shared domain of resources with different administration styles.

Inspec keywords: authorisation; open systems; formal logic; distributed processing

Other keywords: cooperative security management; multisecurity-domain architecture; distributed semantic-aware environments; interoperability; semantic technology; information machine readability; multilevel authorisation model; MA(DL)2 logic

Subjects: Data security; Distributed systems software

References

    1. 1)
      • Uszok, A., Bradshaw, J., Jeffers, R.: `KAoS policy and domain services: toward a description-logic approach to policy representation, deconiction, and enforcement', Proc. Fourth IEEE Int. Workshop on Policies for Distributed Systems and Networks (POLICY'03), 2003, Washington, DC, USA, p. 93.
    2. 2)
      • M. Amini , R. Jalili . MA(DL)2 A normative logic for authorization in semantic-aware environments.
    3. 3)
    4. 4)
      • F. Baader , D. Calvanese , D.L. McGuinness , D. Nardi , P.F. Patel-Schneider . (2003) The description logic handbook: theory, implementation, and applications.
    5. 5)
      • Foster, I.T.: `Globus toolkit Version 4: software for service-oriented systems', Proc. IFIP Int. Conf. on Network and Parallel Computing, 2005, p. 2–13, (LNCS, 3779).
    6. 6)
      • Zhang, X.M.: `A semantic grid oriented to E-tourism', Proc. First Int. Conf. on Cloud Computing, 2009, Beijing, China, p. 485–496, (LNCS, 5931).
    7. 7)
      • ISO/IEC:9594-8: ‘ITU-T recommendation X.509: infomation technology – open systems interconnection – the directory: public-key and attribute certificate frameworks’. Technical Report, ITU-T, 2001.
    8. 8)
      • Damiani, E., De Capitani di Vimercati, S., Fugazza, C., Samarati, P.: `Semantics-aware privacy and access control: motivation and preliminary results', Proc. First Italian Semantic Web Workshop: Semantic Web Applications an Presepectives (SWAP04), 2004, Ancona, Italy.
    9. 9)
      • O. Corcho , P. Alper , I. Kotsiopoulos , P. Missier , S. Bechhofer , C. Goble . An overview of S-OGSA: a reference semantic grid architecture. Web Semantics: Sci., Servi. Agents World Wide Web , 2 , 102 - 115
    10. 10)
      • Masoumzadeh, A., Amini, M., Jalili, R.: `Conflict detection and resolution in a context-aware authorization system', Proc. Third IEEE Symp. on Security in Networks and Distributed Systems (SSNDS'07), 2007, Niagara Falls, Canada, p. 505–511.
    11. 11)
      • Uszok, A., Bradshaw, J., Hayes, P.: `DAML reality check: a case study of KAoS domain and policy services', Proc. Int. Semantic Web Conf. (ISWC 03), 2003, Sanibel Island, Florida.
    12. 12)
      • D. De Roure . Future for European grids: GRIDs and service oriented knowledge utilities.
    13. 13)
      • Naumenko, A.: `Semantics-based access control in business networks', 2007, PhD, University of Jyvasky.
    14. 14)
      • Amini, M., Jalili, R.: `A calculus for composite authorities' policy derivation in shared domains of pervasive computing environments', Proc. IEEE Int. Workshop on Internet and Distributed Computing Systems (IDCS'08), 2008, Bangladesh, p. 21–28.
    15. 15)
      • Amini, M., Jalili, R.: `MA(DL)', NSC-09-01, Technical, 2009, available at http://ce.sharif.edu/~m_amini/publications/reports/madl2family.pdf.
    16. 16)
      • Javanmardi, S., Amini, M., Jalili, R., GanjiSaffar, Y.: `SBAC: a semantic based access control model', Proc. 11th Nordic Workshop on Secure IT-systems (NordSec2006), 2006, Linkping, Sweden, p. 157–168.
    17. 17)
      • Kagal, L., Berners-Lee, T., Connolly, D., Weitzner, D.: `Using semantic web technologies for policy management on the web', Proc. 21st National Conf. on Artificial Intelligence (AAAI06), 2006, Boston, MA, USA.
    18. 18)
      • Uszok, A., Bradshaw, J.M., Lott, J.: `New developments in ontology-based policy management: increasing the practicality and comprehensiveness of KAoS', Proc. IEEE Workshop on Policies for Distributed Systems and Networks (Policy'08), 2008, Palisades, NY, USA, p. 145–152.
    19. 19)
      • Liebig, T., Müller, F.: `Parallelizing tableaux-based description logic reasoning', Proc. Int. Workshops on the Move to Meaningful Internet Systems (OTM'07), 2007, Vilamoura, Portugal, p. 1135–1144, (LNCS, 4806).
    20. 20)
      • Tang, Z., Li, R., Lu, Z.: `A request-driven role mapping for secure interoperation in multi-domain environment', Proc. IFIP Int. Conf. on Network and Parallel Computing Workshops (NPC 2007), 2007, Dalian, China, p. 83–90.
    21. 21)
      • Johnson, R.: `Parallel analytic tableaux systems', 1996, PhD, Queen Mary and Westfield College, University of London.
    22. 22)
      • A. Uszok , J.M. Bradshaw , M. Johnson . KAoS policy management for semantic web services. IEEE Intell. Syst. , 4 , 32 - 41
    23. 23)
      • Kagal, L., Finin, T., Joshi, A.: `A policy-based approach to security for the semantic web', Proc. Second Int. Semantic Web Conf. (ISWC03), Sanibel Island, October 2003, Florida, USA.
    24. 24)
      • Liu, Z., Ranganathan, A., Riabov, A.: `Specifying and enforcing high-level semantic obligation policies', Proc. Eigth IEEE Int. Workshop on Policies for Distributed Systems and Networks (POLICY'07), 2007, Bologna, Italy, p. 119–128.
    25. 25)
      • ISO/IEC: ‘Information technology – open systems interconnection – security frameworks for open systems: access control framework’. ISO/IEC 10181-3, November 1995.
    26. 26)
      • L. Kagal , T. Finin , A. Joshi . Trust-based security in pervasive computing environments. IEEE Comput. , 12 , 154 - 157
    27. 27)
      • Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S.: `A community authorization service for group collaboration', Proc. Third IEEE Int. Workshop on Policies for Distributed Systems and Networks (Policy'02), 2002, Monterey, CA, USA, p. 50–59.
    28. 28)
      • T. Priebe , W. Dobmeier , C. Schlager , N. Kamprath . Supporting attribute-based access control in authorization and authentication infrastructures with ontologies. J. Softw. , 1 , 27 - 38
    29. 29)
      • Demchenko, Y., de Laat, C., Gommans, L., van Buuren, R.: `Domain based access control model for distributed collaborative applications', Proc. Second IEEE Int. Conf. on e-Science and Grid Computing, 2006, Amsterdam, Netherlands.
    30. 30)
      • Qin, L., Atluri, V.: `Concept-level access control for the semantic web', Proc. 2003 ACM Workshop on XML Security (XMLSEC'03), 2003, New York, NY, USA, p. 94–103.
    31. 31)
      • Agarwal, S., Sprick, B.: `Specification of access control and certification policies for semantic web services', Proc. Sixth Int. Conf. on Electronic Commerce and Web Technologies (EC-Web 05), 2005, Copenhagen, p. 348–357, (LNCS, 3590).
    32. 32)
      • Ehsan, M.A., Amini, M., Jalili, R.: `A semantic-based access control mechanism using semantic technologies', Proc. Second Int. Conf. on Security of Information and Networks (SIN 2009), 2009, Gazimagusa, North Cyprus.
    33. 33)
      • Stermsek, G., Strembeck, M., Neumann, G.: `Using subject- and object-specific attributes for access control in web-based knowledge management systems', Proc. Workshop on Secure Knowledge Management (SKM'04), 2004, Amherst, NY, USA.
    34. 34)
      • M.J. Murphy , M. Dick , T. Fischer . Towards the semantic grid: a state of the art survey of semantic web services and their applicability to collaborative design, engineering, and procurement. J. Commun. IIMA , 3 , 11 - 24
    35. 35)
      • E.C. Lupu , M. Sloman . Conflicts in policy-based distributed systems management. IEEE Trans. Softw. Eng. , 6 , 852 - 869
    36. 36)
      • Denker, G., Nguyen, S., Ton, A.: `OWL-S semantics of security web services: a case study', Proc. First European Semantic Web Symp., 2004, Heraklion, Greece, p. 240–253.
    37. 37)
      • Javanmardi, S., Amini, M., Jalili, R.: `An access control model for protecting semantic web resources', Proc. Second Int. Semantic Web Policy Workshop (SWPW'06) 2006, 2006, Athens, GA, USA, p. 32–46.
    38. 38)
      • I. Foster , C. Kesselman , S. Tuecke . The anatomy of the grid: enabling scalable virtual organizations. Int. J. High Perform. Comput. Appl. , 3 , 200 - 222
    39. 39)
      • Emami, S.S., Amini, M., Zokaei, S.: `A context-aware access control model for pervasive computing environments', Proc. IEEE Int. Conf. on Intelligent Pervasive Computing (IPC 2007), 2007, Jeju Island, Korea, p. 51–56.
    40. 40)
      • T. Moses . eXtensible access control markup language.
    41. 41)
    42. 42)
      • Masoumzadeh, A., Amini, M., Jalili, R.: `Context-aware provisional access control', Proc. Second Int. Conf. on Information Systems Security (ICISS'06), 2006, Kolkata, India, p. 132–146, (LNCS, 4332).
    43. 43)
      • Li, J.: `Semantics-based resource discovery in global-scale grids', 2008, PhD, The University of British Columbia.
    44. 44)
      • Yague, M.I., Mana, A., Lopez, J., Troya, J.M.: `Applying the semantic web layers to access control', Proc. 14th Int. Workshop on Database and Expert Systems Applications (DEXA'03), 2003, Prague, Czech Republic, p. 622–626.
    45. 45)
      • Yague, M., del Mar Gallardo, M., Mana, A.: `Semantic access control model: a formal specification', Proc. Tenth European Symp. on Research in Computer Security (ESORICS'05), (LNCS, 3679), 2005, Milan, Italy, p. 24–43.
    46. 46)
      • Z. Wu , H. Chen . Semantic grid: model, methodology, and applications,, Advanced topics in science and technology in China.
    47. 47)
      • D.J. Weitzner , J. Hendler , T. Berners-Lee , D. Connolly , F. Lena , T. Bhavani . (2004) Creating a policy-aware web: discretionary, rule-based access for the World Wide Web, Web and information security.
    48. 48)
    49. 49)
      • Davis, M.: `Semantic wave – part 1', Technical Report, 2006, A Project10X Special Report, Wilshire Conferences, Inc..
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2009.0198
Loading

Related content

content/journals/10.1049/iet-ifs.2009.0198
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
Print this page
This is a required field
Please enter a valid email address