ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
Tim Finin, Anupam Joshi (UMBC); Lalana Kagal (MIT); Jianwei Niu, Ravi Sandhu, William Winsborough (UTSA); Bhavani Thuraisingham (UTD)

Our Thesis
- Semantic Web technology provides a good framework for enhancing interoperability and portability of authorization policy
- We show how RBAC can be supported by OWL (Web Ontology Language)

Why RBAC?
- Role Based Access Control
- NIST standard
- Real-world success
- Extensive academic study

What is OWL?
- OWL is a family of knowledge representation languages
- Based on Description Logic (DL)
- XML-based representation in the Resource Description Framework (RDF)
- W3C standard
- Widely used for defining domain vocabularies called ontologies
- Used for developing policy languages for the Web

Why Support RBAC in OWL?
- OWL has features needed in distributed, decentralized environments
- Cooperating organizations have their own native schemas and data models; OWL provides an appropriate framework in which to agree on and specify ontologies for roles, actions, and resources
- Class hierarchy and other ontological restrictions (cardinality and disjointness) make OWL particularly effective
- Grounding in logic facilitates translating among formalisms for analysis or execution

Outline
- RBAC in OWL: basics; two approaches to representing roles, each with its own rbac ontology; domain-specific ontologies
- Additional stuff in the paper: Attribute-based Access Control (ABAC) in OWL; Role-based Trust management (RT) and its security analysis in OWL

RBAC in OWL: RBAC Ontology Basics
- Actions
- Subjects
- Objects

RBAC in OWL: Representing Roles
- Two approaches to representing roles: roles as classes, and roles as values
- Each approach is supported by its own ontology
- They differ in the generality of the queries that DL reasoning can support

Roles as Classes
- Each RBAC role is represented by two OWL classes: static assignment to the role (e.g., PermanentResident) and dynamic activation of the role (e.g., ActivePermanentResident)
- These each have two parent classes:
- For each RBAC role, the domain-specific ontology has two classes, <RoleName> and <ActiveRoleName>

Roles as Classes
- The OWL specification assigns static and activated roles
- The role hierarchy is represented using the class hierarchy

Roles as Classes
- The role hierarchy is represented upside down by the class hierarchy: a senior role that inherits permissions from a junior role becomes a subclass of the junior role's class, so its members are also members of the junior role

Roles as Classes: Separation of duty
- OWL directly supports static (ssod) and dynamic (dsod) separation of duty via the OWL property disjointWith

Roles as Classes
- Permitted and prohibited subclasses of actions
- Each action is an instance of exactly one subclass
- The PEP (policy enforcement point) can query which one a given action belongs to

Roles as Classes
- Permission-role assignments are supported via rbac:PermittedAction
- Domain-specific ontology example:

Roles as Classes: Enforcing dsod constraints
- A user attempts to create an ActivateRole action
- Consider all currently active roles
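As an added illustration (not code from the ROWLBAC paper or these slides), the following Python models the roles-as-classes encoding described above: two classes per role, the inverted subClassOf hierarchy, disjointWith pairs for ssod and dsod, and the check a PEP makes when a user attempts an ActivateRole action. The role and action names are constructed, and a hand-written transitive closure over subClassOf stands in for a DL reasoner.

```python
# Added illustration of the "roles as classes" encoding; not code from the ROWLBAC paper.
# Role and action class names (Employee, Manager, Clerk, Auditor, ...) are constructed.
# Each RBAC role R is two classes, R (assigned) and ActiveR (activated).  The RBAC role
# hierarchy is stored upside down as subClassOf: Manager is a subclass of Employee, so
# every Manager is also an Employee and inherits Employee's permissions.
SUBCLASS_OF = {"Manager": "Employee", "Clerk": "Employee", "Auditor": "Employee",
               "ActiveManager": "ActiveEmployee", "ActiveClerk": "ActiveEmployee",
               "ActiveAuditor": "ActiveEmployee"}          # child -> parent
DISJOINT = {frozenset({"Manager", "Auditor"}),            # ssod: never both assigned
            frozenset({"ActiveManager", "ActiveClerk"})}  # dsod: never both active
# Permission-role assignment: role class -> action classes it is permitted to perform.
PERMITTED = {"Employee": {"ReadPolicy"}, "Manager": {"ApprovePayment"},
             "Clerk": {"EnterPayment"}, "Auditor": {"ReadLedger"}}

def superclasses(cls):
    """Reflexive transitive closure of subClassOf, i.e. the classes a reasoner infers."""
    out = {cls}
    while cls in SUBCLASS_OF:
        cls = SUBCLASS_OF[cls]
        out.add(cls)
    return out

def consistent(classes):
    """An individual may not belong to both members of any disjointWith pair."""
    inferred = set().union(*(superclasses(c) for c in classes))
    return not any(pair <= inferred for pair in DISJOINT)

class Subject:
    def __init__(self, name):
        self.name, self.assigned, self.active = name, set(), set()
    def assign(self, role):
        """Add the subject to the role class; refused if that would violate ssod."""
        if not consistent(self.assigned | {role}):
            return False
        self.assigned.add(role)
        return True
    def activate(self, role):
        """The ActivateRole action: check the new active role against all active roles."""
        if role not in self.assigned or not consistent(self.active | {"Active" + role}):
            return False
        self.active.add("Active" + role)
        return True
    def permitted(self, action):
        """Permission check over active roles, inherited through the class hierarchy."""
        active_roles = set().union(*(superclasses(a) for a in self.active))
        return any(action in PERMITTED.get(r[len("Active"):], ()) for r in active_roles)

def role_permits(role, action):
    """Role-level query (may all members of role perform action?) this encoding supports."""
    return any(action in PERMITTED.get(r, ()) for r in superclasses(role))
```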

Roles as Values
- Roles are modeled as instances of a generic Role class

Roles as Values
- Example:

Roles as Values: Role hierarchy
- RBAC ontology:
- Domain-specific ontology:

Roles as Values: Reasoning about inheritance

Roles as Values: Separation of duty
- RBAC ontology:
- Domain-specific ontology:

Roles as Values: Detecting separation of duty violations

Roles as Values: Permission-role assignment
- RBAC ontology:
- Domain-specific ontology:

Roles as Values: Determining whether an action is permitted

Comparison of Approaches
- Roles-as-classes supports more general queries: it can ask whether a specific user can access a specific resource, but it can also ask whether all members of a given role can access a class of resources
- Roles-as-values can only ask whether a specific user can access a specific resource
- The domain-specific ontologies for roles as values are simpler

Changing State
- Changes in the RBAC system have to be modeled by changing the set of OWL clauses
- Adding clauses can be done efficiently: adding a user to a role, or a user activating a role
- Removing clauses can lead to a lot of reevaluation: removing a user from a role, or a user deactivating a role

Other Stuff
The paper also talks about:
- Supporting Attribute Based Access Control (object attributes such as location)
- Partial support of Role-based Trust management (RT)
- Partial support of security analysis in RT

Conclusion
- OWL provides many features that support RBAC, ABAC, RT, and security analysis
- It also easily supports nice extensions, such as a class hierarchy of objects
- Reasons: the logical semantics of OWL, and powerful features such as transitive properties, class hierarchy, cardinality constraints, disjoint classes, and equivalent classes