XML secure views using semantic access control

Rota, Andrea; Short, Stuart; Rahaman, Mohammad Ashiqur

doi:10.1145/1754239.1754245

Cited by 9 publications

(18 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The work presented in [20] addresses the expressiveness limitations of XACML regarding knowledge representation; it extends it in order to support ontologybased reasoning and rule-based inference, while maintaining the usability of its original features. Likewise, in [34] an XML filter is created for regulating the disclosure of information, according to both the XML document structure and the semantics of its contents; this is achieved by directly integrating a knowledge base, which contains a description of the domain, in an XACML engine.…”

Section: Related Workmentioning

confidence: 99%

“…In most cases, they focus on and capture a limited number of concepts, constraints and access parameters, missing the necessary expressiveness for the specification of complex provisions and access structures. For instance, only few of these models (e.g., [6] [12][25] [34]) are privacy-aware, yet they do not provide support for separation and binding of duty constraints, whereas presenting limited, if any, context-awareness. Moreover, the semantic taxonomies created within existing approaches are typically limited to very basic hierarchies (e.g., of roles), with no support for relations beyond is-a generalisations, or complex expressions and logical relations thereof.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Leveraging Ontologies upon a Holistic Privacy-Aware Access Control Model

Papagiannakopoulou

Koukovini

Lioudakis

et al. 2014

Foundations and Practice of Security

View full text Add to dashboard Cite

Abstract. Access control is a crucial concept in both ICT security and privacy, providing for the protection of system resources and personal data. The increasing complexity of nowadays systems has led to a vast family of solutions fostering comprehensive access control models, with the ability to capture a variety of parameters and to incorporate them in the decision making process. However, existing approaches are characterised by limitations regarding expressiveness. We present an approach that aims at overcoming such limitations. It is fully based on ontologies and grounded on a rich in semantics information model. The result is a privacy-aware solution that takes into consideration a variety of aspects and parameters, including attributes, context, dependencies between actions and entities participating therein, as well as separation and binding of duty constraints.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Leveraging Ontologies upon a Holistic Privacy-Aware Access Control Model

Papagiannakopoulou

Koukovini

Lioudakis

et al. 2014

Foundations and Practice of Security

View full text Add to dashboard Cite

show abstract

“…The XACML standard defines the XML documents to represent the access control policies, and also outlines an architecture for the implementation of an access control service. Rota et al [8] extend both the access control policy document and the XACML architecture to support ontology-based filtering of XML documents. Since their contributions are used as a base to apply access control rules to DPWSs, their work is summarized below.…”

Section: B Ontology-enabled Fine-grained Filtering Of Xml Withmentioning

confidence: 99%

“…For fine-grained filtering of XML, the resource could be an XPath query over an XML document. However, access control policies that relate subjects directly to queries over XML suffer from issues of maintenance and understandability [8]. Consequently, Rota et al [8] extend the XACML policy document such that a resource may be a class from an RDFS ontology, here termed the filtering ontology.…”

Section: B Ontology-enabled Fine-grained Filtering Of Xml Withmentioning

confidence: 99%

“…With XACML, fields of an XML document may be connected to access control policies. However, instead of binding these policies directly to syntactic message elements, Rota et al [8] present a solution where policies may reference classes from an ontology. An example policy could state that a guest user cannot view personally identifiable information (PII), where PII is a class from the ontology.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Fine-Grained Filtering of Data Providing Web Services with XACML

Brown

Hayes

Allison

et al. 2012

2012 IEEE 21st International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises

View full text Add to dashboard Cite

This work describes how a fine-grained filtering Web service is generated using an extended XACML architecture for Data Providing Web Services (DPWSs). A DPWS is a Web service tasked with the retrieval of data that is annotated using a domain ontology. This work extends XACML policies to reference filtering classes from a filtering ontology instead of directly referencing fine-grained XML elements. This paper then contributes a language to state relations between the filtering ontology and the DPWS's domain ontology. It also contributes an algorithm to interpret these relations to determine if a given XML element from a DPWS is a member of a filtering class. This algorithm is then used by the extended XACML architecture to infer how a DPWS shall be filtered. This approach provides a clear separation of concerns between a DPWS's data domain and the filtering domain.

show abstract

Fine‐grained filtering to provide access control for data providing services within collaborative environments

Brown

Hayes

Allison

et al. 2013

Concurrency and Computation

View full text Add to dashboard Cite

A data providing service (DPS) in service-oriented architecture is tasked only with the retrieval of data that are annotated over a domain ontology. One particular motivating application of DPSs is their use within collaborative environments. An important characteristic for the enterprises of such a collaborative environment is the ability to employ data sharing with one another. A major concern in this situation is the protection of each enterprise's privacy while still permitting data sharing. One potential solution is to provide filtered data through access control. This work describes how to implement access control through fine-grained filtering of DPS response messages; it is accomplished using a filtering ontology and relations between the domain ontology of DPS and the proposed filtering ontology. Therefore, enterprises can write enterprise-specific access control policies referencing a common filtering ontology defined within a collaborative environment, enabling access control-based data sharing within the environment. This work additionally illustrates the implementation of our general solution to data providing web services, interpreted by an eXtensible Access Control Markup Language-based access control framework. The implementation is further evaluated in a case study of real world data, provided by a health research institute in London, Canada.K. BROWN ET AL. product. Should data sharing be required within this domain, the data services must also provide some security measures, such as access control policies (ACPs). These policies should reference the shared concepts to maintain the privacy of each enterprise. This is not an easy task as each enterprise may have existing ACPs. The need for specialized data services is emphasized by Carey [5]. Carey outlines a very simplified architecture showing how data services are used by business processes in order to facilitate access to data objects while also suggesting that new methodologies and tools need to be developed for data service modeling as data services are likely to remain important to applications.The data service contract in non-semantic SOA only describes a service syntactically and thus requires human input to semantically interpret the contract. As a result of this, semantic extensions to SOA have been proposed that annotate conventional services to promote interoperability [6][7][8][9]. Services that specialize in retrieving data and are annotated with semantics are termed data providing services (DPSs). A DPS extends a conventional SOA service by providing a DPS profile that semantically annotates the service's contract using a parameterized view over a domain ontology. A domain ontology is a shared, formal description of data that is supported by computational logic for inference; resource description framework schema (RDFS) [10] and Web Ontology Language (OWL) [11] are two potential representations for ontologies on the Web. By semantically annotating a DPS, it is able to be semantically discovered, mediated, and composed.Current me...

show abstract

XML secure views using semantic access control

Cited by 9 publications

References 14 publications

Leveraging Ontologies upon a Holistic Privacy-Aware Access Control Model

Leveraging Ontologies upon a Holistic Privacy-Aware Access Control Model

Fine-Grained Filtering of Data Providing Web Services with XACML

Fine‐grained filtering to provide access control for data providing services within collaborative environments

Contact Info

Product

Resources

About