Scalable and Efficient Reasoning for Enforcing Role-Based Access Control. Tyrone Cadenhead. Advisors: Murat Kantarcioglu and Bhavani Thuraisingham.


Scalable and Efficient Reasoning for Enforcing Role-Based Access Control. Tyrone Cadenhead. Advisors: Murat Kantarcioglu and Bhavani Thuraisingham

Overview
- Motivation
- Contributions
- Approach
- Theoretical Background: RBAC, TRBAC, Description Logics, SWRL
- Detailed Overview of Approach and Optimizations
- Example
- Experimental Results

Motivation
1. Organizations tend to generate large amounts of data
2. Users need only partial access to resources
3. n_u users and n_r roles = at most n_u × n_r mappings
4. Scalable access control model and easy management
5. Handle heterogeneity in information systems

Motivation (cont'd)
- RBAC simplifies security management
  - But roles are statically defined
- TRBAC extends RBAC
  - Roles are dynamically defined and have a temporal dimension
  - Does not address the heterogeneity inherent in organizational information systems
- An ontology has a common vocabulary
  - Conforms to a Description Logic (DL) formalism; as a result, ontology Knowledge Bases (KBs) have a DL reasoning service
  - Can be distributed as different Knowledge Bases

Main Contributions
- TRBAC implementation using existing semantic technologies
- A reasoning service for access control over large numbers of data instances in DL Knowledge Bases (KBs)
- Efficiently and accurately reason about access rights

Approach
- Transform the access control policies into the Semantic Web Rule Language (SWRL)
- Partition the Knowledge Base into a set of smaller Knowledge Bases, which have the same TBox but a subset of the original ABox
- A Knowledge Base consists of a TBox and an ABox

Approach (cont'd)
Achieves:
1. Scalability: supports many users, roles, sessions and permissions, and their combinations w.r.t. the access control policies
2. Efficiency: the response time to make an access decision is in milliseconds
3. Correct reasoning: ensures that all the data assertions are available when applying the security policies

Theoretical Background
- RBAC
- TRBAC
- Description Logic language (ALCQ)
- SWRL

RBAC

TRBAC
An extension of RBAC models that supports temporal constraints on the enabling/disabling of roles. It supports periodic role enabling and disabling, and temporal dependencies among such actions. Such dependencies are expressed by means of role triggers, which can also be used to constrain the set of roles that a particular user can activate at a given time instant. The firing of a trigger may cause a role to be enabled/disabled either immediately, or after an explicitly specified amount of time. The enabling/disabling actions may be given a priority that may help in solving conflicts, such as the simultaneous enabling and disabling of a role.
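The TRBAC mechanics just described (periodic enabling and disabling, role triggers that fire immediately or after a delay, and priorities that settle a simultaneous enable/disable of one role) in a small simulator. This is an added illustration, not code from the authors' system: the hospital roles, hours and priorities are constructed, time is modelled as integer hourly ticks, and the tie-breaking rule that disabling wins when priorities are equal is an assumption of this example.

```python
"""Toy TRBAC-style role-enabling engine (constructed example, not the
authors' implementation). Time is an integer tick (one hour); periodic
events fire at a fixed hour each day, role triggers fire when a role's
status changes, and conflicting enable/disable events for the same role
at the same tick are resolved by priority."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    role: str
    action: str        # "enable" or "disable"
    priority: int = 0  # higher wins when enable and disable collide


@dataclass(frozen=True)
class Trigger:
    conditions: frozenset  # {(role, "enabled" | "disabled")}
    effect: Event
    delay: int = 0         # ticks between the condition holding and the effect


class TRBAC:
    def __init__(self, periodic, triggers, tie_breaker="disable"):
        self.periodic = periodic          # [(hour_of_day, Event)]
        self.triggers = triggers          # assumed: no cyclic delay-0 triggers
        self.tie_breaker = tie_breaker    # assumption: disabling wins a tie
        self.enabled = set()
        self.pending = defaultdict(list)  # tick -> [Event] scheduled by triggers
        self.log = []                     # (tick, role, action) for every status change

    def status(self, role):
        return "enabled" if role in self.enabled else "disabled"

    def resolve(self, events):
        """Collapse the events of one tick per role: keep the highest priority,
        and fall back to tie_breaker when enable and disable share it."""
        by_role = defaultdict(list)
        for ev in events:
            by_role[ev.role].append(ev)
        decisions = []
        for role, evs in by_role.items():
            top = max(ev.priority for ev in evs)
            actions = {ev.action for ev in evs if ev.priority == top}
            decisions.append((role, actions.pop() if len(actions) == 1 else self.tie_breaker))
        return decisions

    def step(self, tick):
        """Apply this tick's scheduled and periodic events, then fire triggers
        whose conditions mention a role that just changed (edge-triggered)."""
        events = self.pending.pop(tick, []) + [ev for h, ev in self.periodic if tick % 24 == h]
        while events:
            changed = set()
            for role, action in self.resolve(events):
                before = self.status(role)
                (self.enabled.add if action == "enable" else self.enabled.discard)(role)
                if self.status(role) != before:
                    changed.add(role)
                    self.log.append((tick, role, action))
            events = []
            for trig in self.triggers:
                if not any(r in changed for r, _ in trig.conditions):
                    continue
                if all(self.status(r) == st for r, st in trig.conditions):
                    if trig.delay == 0:
                        events.append(trig.effect)   # immediate effect, same tick
                    else:
                        self.pending[tick + trig.delay].append(trig.effect)
        return frozenset(self.enabled)


def hospital_example():
    """Constructed policy: the nurse role is enabled 08:00-20:00 daily; the doctor
    role follows one hour after the nurse role, is cut off by a hard 9-hour shift
    limit (priority 2) that beats the 18:00 evening-extension request (priority 1),
    and is disabled immediately when the nurse role goes off."""
    periodic = [
        (8, Event("nurse", "enable")),
        (18, Event("doctor", "enable", priority=1)),
        (20, Event("nurse", "disable")),
    ]
    triggers = [
        Trigger(frozenset({("nurse", "enabled")}), Event("doctor", "enable", 1), delay=1),
        Trigger(frozenset({("doctor", "enabled")}), Event("doctor", "disable", 2), delay=9),
        Trigger(frozenset({("nurse", "disabled")}), Event("doctor", "disable", 1), delay=0),
    ]
    return TRBAC(periodic, triggers)


def simulate(engine, ticks=24):
    """Run one day and return the set of enabled roles after every tick."""
    return {t: engine.step(t) for t in range(ticks)}


if __name__ == "__main__":
    eng = hospital_example()
    snapshots = simulate(eng)
    for t in (8, 9, 17, 18, 20):
        print(t, sorted(snapshots[t]))
    print(eng.log)
```

The 18:00 tick is the interesting one: the shift-limit disable scheduled at 09:00 and the periodic evening enable arrive together, and `resolve` lets the higher-priority disable win, which is the safe outcome for an access control engine.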

Description Logics

SWRL
The Semantic Web Rule Language (SWRL) is also a W3C recommendation. A SWRL rule has the form shown on the slide; its body and head consist of class atoms of the form C(i) or property atoms of the form P(i,j).

Detailed Overview

Step 1

Step 2

Step 3

Inference Stage When there is an access request for a specific patient, start executing steps 2 and 3. Steps 2 and 3 are our inferencing stages where we enforce the security policies. These can also be executed concurrently for many patients, as desired.

Advantages
Adding SWRL rules to KBinf does not have a large impact on the reasoning time, as indicated by our experimental results. This is because we retrieve only a small subset of the triples, which reduces the number of symbols in the ABox when the rules are applied.

Advantages (cont’d)

Definition of a Knowledge Base (KB)

(Mapping Function)
Connects two domain modules so that we have:
- RBAC assignments: the mappings user-role, role-user, role-permission, permission-role, user-session, role-role and role-session
- Hospital extensions: the mappings patient-user, user-patient and patient-session
- Patient-Record constraint: the one-to-one mappings patient-record and record-patient
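A runnable sketch of the approach described in the Approach, SWRL, Inference Stage and Mapping Function slides: the KB is split into per-patient partitions that share one TBox, policies are SWRL-style rules whose atoms are C(i) (stored as (i, "type", C)) and P(i,j) (stored as (i, P, j)), and steps 2 and 3 run over a single patient's partition. This is an added example, not the authors' code. The hospital vocabulary (hasRole, treatedBy, hasRecord, and so on), the set of mapping predicates followed to build a home partition, and the naive forward-chaining reasoner are all assumptions of the example; a deployment would hand the same TBox, partition and rules to an OWL/SWRL reasoner.

```python
"""Partitioned DL-style knowledge base with SWRL-like rules (constructed
example, not the authors' code). Class atoms C(i) are stored as
(i, "type", C) and property atoms P(i, j) as (i, P, j). Every partition
shares the TBox; its ABox is the subset reachable from one patient."""

# Shared TBox: concept hierarchy (assumed hospital vocabulary).
TBOX = {
    ("Doctor", "subClassOf", "Staff"),
    ("Nurse", "subClassOf", "Staff"),
    ("Staff", "subClassOf", "User"),
}

# Global ABox (constructed): RBAC assignments, hospital extensions, patient-record links.
ABOX = {
    ("alice", "type", "Doctor"), ("bob", "type", "Nurse"), ("carol", "type", "Doctor"),
    ("alice", "hasRole", "doctor"), ("bob", "hasRole", "nurse"), ("carol", "hasRole", "doctor"),
    ("doctor", "subRole", "nurse"),                            # role-role: doctor inherits nurse
    ("doctor", "hasPermission", "write-record"),               # role-permission
    ("nurse", "hasPermission", "read-record"),
    ("p1", "type", "Patient"), ("p2", "type", "Patient"),
    ("p1", "treatedBy", "alice"), ("p1", "treatedBy", "bob"),  # patient-user
    ("p2", "treatedBy", "carol"),
    ("p1", "hasRecord", "rec1"), ("p2", "hasRecord", "rec2"),  # patient-record (one-to-one)
}

# Mapping function (assumed): predicates followed from a patient to build its home partition.
FOLLOW = {"hasRecord", "treatedBy", "hasRole", "subRole", "hasPermission"}

# SWRL-like rules: (body atoms, head atom); "?x" marks a variable.
RULES = [
    ((("?x", "type", "?c"), ("?c", "subClassOf", "?d")), ("?x", "type", "?d")),
    ((("?u", "hasRole", "?r1"), ("?r1", "subRole", "?r2")), ("?u", "hasRole", "?r2")),
    ((("?u", "hasRole", "?r"), ("?r", "hasPermission", "?perm")), ("?u", "holdsPermission", "?perm")),
    ((("?u", "holdsPermission", "read-record"), ("?p", "treatedBy", "?u"), ("?p", "hasRecord", "?rec")),
     ("?u", "canRead", "?rec")),
    ((("?u", "holdsPermission", "write-record"), ("?p", "treatedBy", "?u"), ("?p", "hasRecord", "?rec")),
     ("?u", "canWrite", "?rec")),
]


def home_partition(abox, patient, follow=FOLLOW):
    """Step 1: collect the triples reachable from `patient` along the mapping
    predicates, plus the type assertions of every node reached."""
    nodes, frontier, part = {patient}, {patient}, set()
    while frontier:
        new = set()
        for s, p, o in abox:
            if s in frontier and p in follow:
                part.add((s, p, o))
                if o not in nodes:
                    new.add(o)
        nodes |= new
        frontier = new
    part |= {(s, p, o) for s, p, o in abox if p == "type" and s in nodes}
    return part


def _match(atom, triple, binding):
    """Unify one rule atom with one triple under an existing variable binding."""
    binding = dict(binding)
    for pat, val in zip(atom, triple):
        if pat.startswith("?"):
            if binding.setdefault(pat, val) != val:
                return None
        elif pat != val:
            return None
    return binding


def _matches(body, kb, binding=None):
    """Enumerate every binding that satisfies all body atoms."""
    if not body:
        yield binding or {}
        return
    for triple in kb:
        b = _match(body[0], triple, binding or {})
        if b is not None:
            yield from _matches(body[1:], kb, b)


def saturate(kb, rules=RULES):
    """Step 2: naive forward chaining to a fixpoint over TBox + partition."""
    kb = set(kb)
    while True:
        derived = {tuple(b.get(x, x) for x in head)
                   for body, head in rules for b in _matches(body, kb)} - kb
        if not derived:
            return kb
        kb |= derived


def check_access(abox, patient, user, action, record, tbox=TBOX):
    """Step 3: answer a policy query against the patient's home partition only."""
    return (user, action, record) in saturate(tbox | home_partition(abox, patient))


if __name__ == "__main__":
    print(sorted(home_partition(ABOX, "p1")))
    print(check_access(ABOX, "p1", "alice", "canRead", "rec1"))
    print(check_access(ABOX, "p1", "carol", "canRead", "rec1"))
```

The partition for p1 never sees carol or p2, yet every assertion the rules need for rec1 is present, so the answers match those obtained by saturating the whole ABox; that is the correctness property the Approach slide calls for, checked here on a toy instance.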

Home Partition

(P-link)

Policy Query

Example

Trace

Optimization
Two types of indexing:
1. Indexing the assertions to find a triple by a subject (s), a predicate (p) or an object (o), without the cost of a linear search over all the triples in a partition
2. Creating a high-level index that points to the location of the partitions on disk; its cost is at most linear with respect to the number of partitions
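The two index levels from the Optimization slide, as an added example rather than the authors' storage code: a per-partition index that answers s/p/o lookups by hashing instead of scanning, and a high-level index that maps a partition id to its byte offset on disk so loading a partition is a single seek. The JSON-lines layout, the sidecar index file and the sample partitions are assumptions of this example.

```python
"""Two-level indexing for partitioned triple stores (constructed example,
not the authors' code): hash indexes inside a partition, and a directory
from partition id to (offset, length) in one data file on disk."""
import json
import os
import tempfile
from collections import defaultdict


class TripleIndex:
    """Per-partition indexes: find triples by subject, predicate or object
    with hash lookups instead of a linear scan over the partition."""

    def __init__(self, triples):
        self.triples = [tuple(t) for t in triples]
        self.by_s, self.by_p, self.by_o = defaultdict(set), defaultdict(set), defaultdict(set)
        for t in self.triples:
            self.by_s[t[0]].add(t)
            self.by_p[t[1]].add(t)
            self.by_o[t[2]].add(t)

    def lookup(self, s=None, p=None, o=None):
        """Intersect the index sets for whichever positions were given."""
        parts = [idx.get(key, set()) for idx, key in
                 ((self.by_s, s), (self.by_p, p), (self.by_o, o)) if key is not None]
        return set.intersection(*parts) if parts else set(self.triples)


class PartitionStore:
    """Partitions serialised one per line; the high-level index maps a
    partition id to (byte offset, length), so a load is one seek and the
    index grows only linearly with the number of partitions."""

    def __init__(self, path, directory):
        self.path, self.directory = path, directory

    @classmethod
    def build(cls, path, partitions):
        directory = {}
        with open(path, "wb") as f:
            for pid, triples in partitions.items():
                blob = json.dumps(sorted(triples)).encode("utf-8")
                directory[pid] = (f.tell(), len(blob))
                f.write(blob + b"\n")
        with open(path + ".idx", "w", encoding="utf-8") as f:
            json.dump(directory, f)      # high-level index persisted beside the data
        return cls(path, directory)

    @classmethod
    def from_disk(cls, path):
        with open(path + ".idx", encoding="utf-8") as f:
            return cls(path, {k: tuple(v) for k, v in json.load(f).items()})

    def load(self, pid):
        """Read exactly one partition: no scan through the other partitions."""
        offset, length = self.directory[pid]
        with open(self.path, "rb") as f:
            f.seek(offset)
            return TripleIndex(json.loads(f.read(length)))


def demo():
    """Constructed partitions for two patients; returns what the indexes answer."""
    partitions = {
        "p1": {("p1", "hasRecord", "rec1"), ("p1", "treatedBy", "alice"),
               ("alice", "hasRole", "doctor")},
        "p2": {("p2", "hasRecord", "rec2"), ("p2", "treatedBy", "carol"),
               ("carol", "hasRole", "doctor"), ("carol", "hasRole", "surgeon")},
    }
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "partitions.jsonl")
        PartitionStore.build(path, partitions)
        store = PartitionStore.from_disk(path)   # only the small index is read eagerly
        idx = store.load("p2")                   # one seek; p1's data is never touched
        return {
            "partition_ids": sorted(store.directory),
            "p2_size": len(idx.triples),
            "carol_roles": idx.lookup(s="carol", p="hasRole"),
            "doctors": idx.lookup(p="hasRole", o="doctor"),
            "no_alice": idx.lookup(s="alice"),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The directory is the part that must stay small enough to keep in memory: one entry per partition, so it scales with the number of patients rather than with the number of triples, which is what lets the inference stage pick up a single home partition without touching the rest of the KB.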

Experiments