
Design and Application of Rule Based Access Control Policies

Design and Application of Rule Based Access Control Policies. Huiying Li, Xiang Zhang, Honghan Wu & Yuzhong Qu xzhang@seu.edu.cn Dept. Computer Science & Engineering Southeast University, China. Outline. Our Idea Semantic Web Rule Language Model Design Use Cases


Presentation Transcript


  1. Design and Application of Rule Based Access Control Policies Huiying Li, Xiang Zhang, Honghan Wu & Yuzhong Qu xzhang@seu.edu.cn Dept. Computer Science & Engineering Southeast University, China

  2. Outline
     • Our Idea
     • Semantic Web Rule Language
     • Model Design
     • Use Cases
     • Conclusion and Future Work

  3. Our Idea
     • Requirements of WonderSpace
     • Express access control policies in a language with strong expressive power.
     • Semantic Web Rule Language (SWRL)
     • A Horn-clause rule extension to OWL, proposed in 2004.

  4. What is the Idea
     • Express access control policies based on OWL and SWRL
     • OWL: ontology
     • SWRL: rule
     • Friend of a Friend (FOAF)
     • Information about people

  5. Semantic Web Rule Language
     • SWRL extends OWL DL by adding a simple form of Horn-style rules for the purpose of enhancing expressive ability
     • The form of a rule
     • antecedent → consequent.

  6. Semantic Web Rule Language
     • The antecedent and consequent of a rule consist of zero or more atoms.
     • Atoms can take the form C(x), P(x, y), Q(x, z), sameAs(x, y) or differentFrom(x, y)
     • A typical example:
     • parent(?a, ?b) ∧ brother(?b, ?c) → uncle(?a, ?c). It is true in China…

  7. Model Design - Ontology
     • Assertions about what kinds of agents are permitted/prohibited to access what kinds of resources

  8. Model Design - Ontology

  9. Model Design - Ontology

  10. Model Design - Rule
     • Give more explicit meaning to properties
     • member(?z, ?x) ∧ member(?z, ?y) ∧ Person(?x) ∧ Person(?y) → sameGroupOf(?x, ?y)

  11. Model Design - Rule
     • Express access control policies
     • member(wonderspace, ?x) → isPermittedtoRead(?x, somePaper)

  12. Use Case
     • Jack published a note about a project plan and asserted that the members of WonderSpace group could read this plan, while the members of his group could edit it online.
     • member(?z, ?x) ∧ member(?z, ?y) ∧ Person(?x) ∧ Person(?y) → sameGroupOf(?x, ?y)
     • memberOf(?x, WonderSpace) → isPermittedtoRead(?x, plan),
     • sameGroupOf(?y, Jack) → isPermittedtoEdit(?y, plan).
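
Added example, not part of the presentation: a small Python forward-chaining evaluator for the slide 12 rules, run over constructed facts. Assumptions: memberOf is treated as the inverse of member, access is denied unless a permission fact is derived, and Alice, Bob, Eve, JackGroup and OtherGroup are invented sample data. It also shows that once Jack himself is a WonderSpace member, the sameGroupOf rule extends edit permission to every WonderSpace member.

```python
# Atoms are tuples (predicate, arg, ...); a term starting with "?" is a variable.
RULES = [  # (antecedent atoms, consequent atom), taken from slide 12
    ([("member", "?z", "?x"), ("member", "?z", "?y"), ("Person", "?x"), ("Person", "?y")],
     ("sameGroupOf", "?x", "?y")),
    # Assumption: memberOf is the inverse of member (the slides use both names).
    ([("member", "?g", "?x")], ("memberOf", "?x", "?g")),
    ([("memberOf", "?x", "WonderSpace")], ("isPermittedtoRead", "?x", "plan")),
    ([("sameGroupOf", "?y", "Jack")], ("isPermittedtoEdit", "?y", "plan")),
]
# Constructed sample facts: member(group, person) and Person(person).
FACTS = {
    ("member", "WonderSpace", "Alice"), ("member", "WonderSpace", "Bob"),
    ("member", "JackGroup", "Jack"), ("member", "JackGroup", "Bob"),
    ("member", "OtherGroup", "Eve"),
    ("Person", "Jack"), ("Person", "Alice"), ("Person", "Bob"), ("Person", "Eve"),
}

def match(atom, fact, env):
    """Unify one rule atom with one ground fact; return extended bindings or None."""
    if len(atom) != len(fact) or atom[0] != fact[0]:
        return None
    env = dict(env)
    for term, value in zip(atom[1:], fact[1:]):
        if term.startswith("?"):
            if env.setdefault(term, value) != value:
                return None  # variable already bound to a different individual
        elif term != value:
            return None      # constant in the rule does not match the fact
    return env

def closure(facts):
    """Apply RULES repeatedly until no new fact is derived (fixpoint)."""
    known = set(facts)
    while True:
        new = set()
        for body, head in RULES:
            envs = [{}]
            for atom in body:  # join each antecedent atom against the known facts
                envs = [e2 for e in envs for f in known
                        if (e2 := match(atom, f, e)) is not None]
            for env in envs:
                new.add((head[0],) + tuple(env.get(t, t) for t in head[1:]))
        if new <= known:
            return known
        known |= new

def permitted(facts, action, who, resource="plan"):
    """Default deny: only a derived isPermittedto<action> fact grants access."""
    return ("isPermittedto" + action, who, resource) in closure(facts)
```

With the base facts, `permitted(FACTS, "Edit", "Alice")` is False; adding `("member", "WonderSpace", "Jack")` to the facts makes it True.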

  13. Conclusion and Future Work
     • Prove Our Concept: OWL + SWRL for Access Control Policy
     • Policy Conflict
     • Policy Enforcement
     • Trustworthiness of the information source
     • Operational semantics of the policy language.

  14. Main References
     • I. Horrocks, P. F. Patel-Schneider, H. Boley, S. Tabet, B. Grosof, and M. Dean: SWRL: A Semantic Web Rule Language Combining OWL and RuleML. W3C Member Submission, 21 May 2004.
     • J. M. Bradshaw, S. Dutfield, P. Benoit, and J. D. Woolley: KAoS: Toward An Industrial-Strength Open Agent Architecture. Software Agents, J. M. Bradshaw (ed.), AAAI Press (1997) 375-418.
     • L. Kagal, T. Finin, and A. Joshi: A policy language for a pervasive computing environment. IEEE 4th International Workshop on Policies for Distributed Systems and Networks (2003).
     • P. F. Patel-Schneider, P. Hayes, I. Horrocks (eds.): OWL: Web Ontology Language Semantics and Abstract Syntax. W3C Recommendation, 10 February 2004.
     • P. Hayes (ed.): RDF Semantics. W3C Recommendation, 10 February 2004.

  15. Thank you !
