Presentation is loading. Please wait.

Presentation is loading. Please wait.

Semantic Access Control Ashraful Alam Dr. Bhavani Thuraisingham.

Published byWilla Griffin Modified over 9 years ago

Similar presentations

Presentation on theme: "Semantic Access Control Ashraful Alam Dr. Bhavani Thuraisingham."— Presentation transcript:

1 Semantic Access Control Ashraful Alam Dr. Bhavani Thuraisingham

2 Semantic Access Control (SAC) Traditional Access Control Traditional Access Control Semantic Web Semantic Access Control

3 Motivation Shortcomings of Traditional Access Control Proprietary systems Lack of modularity Changes in access control schemas break the system Changes in data schemas break the system Path to resources (e.g., XPATH) is clumsy //school/department/professor/personal/ssn – LONG! Non-optimal for distributed/federation environment

4 Modularity Problem People this policy applies to Resources this policy applies to Actions allowed for this policy Target Box

5 SAC Ontology Written in OWL ( Web Ontology Language ) User-centric Modular Easily extensible Available at : http://utd61105.campus.ad.utdallas.edu/geo/voc/newaccessonto

6 SAC Components Subjects: Software Agents or Human clients Resources: Assets exposed through WS Actions: Read, Write, Execute Conditions: Additional constraints (e.g., geospatial parameters) on policy enforcement Resources Subjects Actions Condition Policy Set

7 Application: Geo-WS Security Data providers (e.g., geospatial clearinghouses, research centers) need access control on serviceable resources. Access policies have geospatial dimension Bob has access on Building A Bob does NOT have access on Building B Building A and B have overlapping area Current access control mechanisms are static and non- modular.

8 Geo-WS Security: Architecture Client DAGISDAGIS DAGISDAGIS Geospatial Semantic WS Provider Enforcement Module Decision Module Authorization Module Semantic-enabled Policy DB Web Service Client SideWeb Service Provider Side

9 Geo-WS Security: Semantics Policy rules are based on description logic (DL). DL allows machine-processed deductions on policy base. Example 1: DL Rule: ‘Stores’ Inverse ‘Is Stored In’ Fact: Airplane_Hanger(X) ‘stores’ Airplane(Y) Example 2: DL Rule: ‘Is Located In’ is Transitive. Fact: Polygon(S) ‘Is Located In’ Polygon(V) Polygon(V) ‘Is Located In’ Polygon(T)

10 Secure Inferencing Geospatial Data Store Semantic-enabled Policy DB Inferencing Module Obvious facts Deduced facts

11 Geo-WS Security: Example Resource := Washington, Oregon, California, West Coast Rule:= West Coast = WA Union OR Union CA Policy:= Subject:= Bob Resources:= WA, OR, CA Action:=Read Query: Retrieve Interstate Highway topology of West Coast

12 SAC in Action Environment: University Campus Campus Ontology http://utd61105.campus.ad.utdallas.edu/geo/voc/campusonto Main Resources Computer Science Building Pharmacy Building Electric Generator in each Building

13 SAC in Action User Access: Bob has ‘execute’ access to all Building Resources Bob doesn’t have any access to CS Building Bob has ‘modify’ access to Building resources within a certain geographic extent Policy File located at http://utd61105.campus.ad.utdallas.edu/geo/voc/policyfile1

14 SAC Improvements Subjects, Resources, Actions and Conditions are defined independently Reduced policy look-up cost -- only policies related to the requester is processed No long path name!

15 Distributed Access Control Travel SiteReimbursement SiteBank Site Travel Data & Ontology Reimbursement Data Bank Site & Ontology Client Query Interface Middleware

Download ppt "Semantic Access Control Ashraful Alam Dr. Bhavani Thuraisingham."

Similar presentations

ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
Chapter 2 Database Environment.

Chapter 2 Database Environment.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Data Definition Language (DDL) Specification notation for defining the database schema –E.g. create table account ( account-number char(10), balance integer)

Data Definition Language (DDL) Specification notation for defining the database schema –E.g. create table account ( account-number char(10), balance integer)
©Silberschatz, Korth and Sudarshan1.1Database System Concepts Chapter 1: Introduction Purpose of Database Systems View of Data Data Models Data Definition.

©Silberschatz, Korth and Sudarshan1.1Database System Concepts Chapter 1: Introduction Purpose of Database Systems View of Data Data Models Data Definition.
Lecture Two Database Environment Based on Chapter Two of this book:

Lecture Two Database Environment Based on Chapter Two of this book:
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
Chapter 2 Database System Concepts and Architecture

Chapter 2 Database System Concepts and Architecture
Introduction to Databases Transparencies 1. ©Pearson Education 2009 Objectives Common uses of database systems. Meaning of the term database. Meaning.

Introduction to Databases Transparencies 1. ©Pearson Education 2009 Objectives Common uses of database systems. Meaning of the term database. Meaning.
Database System Concepts and Architecture Lecture # 3 22 June 2012 National University of Computer and Emerging Sciences.

Database System Concepts and Architecture Lecture # 3 22 June 2012 National University of Computer and Emerging Sciences.
Dr. Bhavani Thuraisingham The University of Texas at Dallas Trustworthy Semantic Webs October 2013 Data and Applications Security.

Dr. Bhavani Thuraisingham The University of Texas at Dallas Trustworthy Semantic Webs October 2013 Data and Applications Security.
Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Slide 1- 1 Chapter 2: Database System Concepts and Architecture - Outline Data Models and Their.

Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Slide 1- 1 Chapter 2: Database System Concepts and Architecture - Outline Data Models and Their.
Trustworthy Semantic Webs Dr. Thuraisingham The University of Texas at Dallas December 2008.

Trustworthy Semantic Webs Dr. Thuraisingham The University of Texas at Dallas December 2008.
2. Database System Concepts and Architecture

2. Database System Concepts and Architecture
E.Bertino, L.Matino Object-Oriented Database Systems 1 Chapter.1 Introduction Seoul National University Department. of Computer Engineering OOPSLA Lab.

E.Bertino, L.Matino Object-Oriented Database Systems 1 Chapter.1 Introduction Seoul National University Department. of Computer Engineering OOPSLA Lab.
©Silberschatz, Korth and Sudarshan4.1Database System Concepts Database system,CSE-313, P.B. Dr. M. A. Kashem Associate. Professor. CSE, DUET, Gazipur.

©Silberschatz, Korth and Sudarshan4.1Database System Concepts Database system,CSE-313, P.B. Dr. M. A. Kashem Associate. Professor. CSE, DUET, Gazipur.
1.file. 2.database. 3.entity. 4.record. 5.attribute. When working with a database, a group of related fields comprises a(n)…

1.file. 2.database. 3.entity. 4.record. 5.attribute. When working with a database, a group of related fields comprises a(n)…
Ihr Logo Fundamentals of Database Systems Fourth Edition El Masri & Navathe Chapter 2 Database System Concepts and Architecture.

Ihr Logo Fundamentals of Database Systems Fourth Edition El Masri & Navathe Chapter 2 Database System Concepts and Architecture.
Dr. Bhavani Thuraisingham February 2010 Building Trustworthy Semantic Webs Lecture #14 : OWL (Web Ontology Language) and Security.

Dr. Bhavani Thuraisingham February 2010 Building Trustworthy Semantic Webs Lecture #14 : OWL (Web Ontology Language) and Security.

Similar presentations

Ads by Google