Ontology-Based Delegation of Access Control: An Enhancement to the XACML Delegation Profile

Although current estimates depict steady growth in Internet of Things (IoT), many works portray an as yet immature technology in terms of security. Attacks using low performance devices, the application of new technologies and data analysis to infer private data, lack of development in some aspects of security offer a wide field for improvement. The advent of Semantic Technologies for IoT offers a new set of possibilities and challenges, like data markets, aggregators, processors and search engines, which rise the need for security. New regulations, such as GDPR, also call for novel approaches on data-security, covering personal data. In this work, we present DS4IoT, a data-security ontology for IoT, which covers the representation of data-security concepts with the novel approach of doing so from the perspective of data and introducing some new concepts such as regulations, certifications and provenance, to classical concepts such as access control methods and authentication mechanisms. In the process we followed ontological methodologies, as well as semantic web best practices, resulting in an ontology to serve as a common vocabulary for data annotation that not only distinguishes itself from previous works by its bottom-up approach, but covers new, current and interesting concepts of data-security, favouring implicit over explicit knowledge representation. Finally, this work is validated by proof of concept, by mapping the DS4IoT ontology to the NGSI-LD data model, in the frame of the IoTCrawler EU project.

show abstract

“…Daud et al [36] present a delegation of access control based on semantic technologies, as an enhancement of the XACML delegation profile.…”

Section: Other Related Workmentioning

confidence: 99%

Lightweight Data-Security Ontology for IoT

Gonzalez-Gil

Martı́nez²,

Skarmeta

2020

Sensors

View full text Add to dashboard Cite

show abstract

“…These include: classifying resources into categories (Cheng et al, 2012), itemizing profile data into different elements (Aimeur et al, 2010) or classifying users into lists (e.g., blacklist users) (Cramer et al, 2015). However, these methods do not scale well in large and complex environments because of: i) the growing privacy configuration requirements and the incapability of existing solutions to handle them in an efficient manner (Beato et al, 2009), and ii) the burden of the definition and management of rules by users and administrators (Daud et al, 2015).…”

Section: Introductionmentioning

confidence: 99%

Ontology-based Access Control Management: Two Use Cases

Daud

Sánchez

Viejo

2016

Proceedings of the 8th International Conference on Agents and Artificial Intelligence

Self Cite

View full text Add to dashboard Cite

Access control management is an important area of research within the security field. Several models have been proposed to manage the access rights of users over restricted resources, which are mainly based on defining rules between specific entities and concrete resources. Though these approaches are enough to manage organizations involving a limited number of entities and resources, the specification of rules or constraints for large and heterogeneous scenarios may imply a considerable burden to the administrators. To palliate this problem, we propose a generic ontology-based solution to manage the access control that can greatly simplify and speed up the definition of rules in complex scenarios and that can also improve the interoperability between heterogeneous settings. Moreover, we show its potential by applying it in two highly dynamic and large scenarios, i.e., Online Social Networks (OSNs) and the Cloud.

show abstract