MISC 2010 Presentation

Presentation on how to use ontologies in access control systems.

Published in: Technology, Education
  1. Ontology-based Access Control Policy Interoperability. Quentin Reul, Gang Zhao, and Robert Meersman
  2. Overview
     • Motivation
     • Background
       • What is an ontology?
       • DOGMA
     • Security Policy Ontology
     • Conclusion
  3. TAS 3 Architecture
  4. Ontology-based Interoperability
     [Figure labels: Traditional; Ω; Sys A, Sys B, Sys C, Sys D, Sys E (shown twice)]
  5. Access Control Policy Interoperability (I)
     • Semantic interoperability between a Service Provider (SP) and a Service Requester (SR).
     • SP and SR may use:
       • The same vocabulary for attributes, but different vocabularies for their values
       • Different vocabularies for attributes and their values
  6. Access Control Policy Interoperability (II)
     [Figure labels: System B, Sys A, PEP, PDP, request (A,T,{N,V}), Interpreter, Ω]
  7. What is an ontology?
     • An ontology is a server-stored shared agreement on the semantics of data, processes and rules in a given domain.
     • It enables:
       • Interoperability between autonomously developed information systems;
       • Data exchange across heterogeneous data sources;
       • Communication between humans and machines.
  8. Triangle of Meaning
     [Figure labels: Thing; Symbol "Person"; evokes; stands for; relates to]
  9. DOGMA
     • Double Articulation:
       • A lexon base holds lexons
       • A commitment layer mediates between the lexon base and its applications
     • Grounded in the linguistic representation of knowledge
  10. Lexons to RDF
     [Figure labels: Person, Name, Identifier; roles "has" / "of"]
  11. Security Policy Ontology (I)
     • Declarative rather than procedural
     • Extended to express specific types of security policies (e.g. access control policies).
  12. Security Policy Ontology (II)
  13. Condition
  14. Action
  15. Target
  16. Access Control Policy
  17. ABAC Policy
  18. Conclusion
     • Developed an ontology of Security Policies
     • Showed how this ontology could be used to enable interoperability
  19. DOGMA Reference
     • Spyns, P., Tang, Y., Meersman, R.: An Ontology Engineering Methodology for DOGMA. In Journal of Applied Ontology, 3:13-39, 2008
     • Spyns, P., Meersman, R., Jarrar, M.: Data modelling versus ontology engineering. SIGMOD Record Special Issue on Semantic Web, Database Management and Information Systems 31(4):12-17, 2002
     • de Moor, A., De Leenheer, P., Meersman, R.: DOGMA-MESS: A meaning evolution support system for interorganizational ontology engineering. In: Proc. of the 14th International Conference on Conceptual Structures (ICCS 2006), Aalborg, Denmark.
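
The interpreter step from slides 5 and 6, sketched as an added example that is not taken from the presentation: a requester's attribute names and values are rewritten into the provider's vocabulary through shared ontology concepts before the policy decision, and any term without an agreed meaning results in a deny. The reading of (A,T,{N,V}) as action, target and attribute name/value pairs, the term tables, the policy rule and all function names are assumptions made for illustration.

```python
# Added illustration; all vocabularies and the policy rule are constructed sample data.
# Assumption: request (A, T, {N, V}) = action, target, attribute name/value pairs.

# Each party commits its local terms to shared ontology concepts (the Ω of the slides).
SR_COMMITMENT = {  # Service Requester term -> shared concept
    "attr": {"job": "Role", "dept": "OrgUnit"},
    "value": {"physician": "Doctor", "cardio": "Cardiology"},
}
SP_COMMITMENT = {  # Service Provider term -> shared concept
    "attr": {"role": "Role", "unit": "OrgUnit"},
    "value": {"doctor": "Doctor", "cardiology-ward": "Cardiology"},
}

class UnmappedTerm(Exception):
    """A term has no single agreed meaning across both commitments."""

def _translate(term, kind, source, target):
    concept = source[kind].get(term)
    if concept is None:
        raise UnmappedTerm(f"{kind} {term!r} is not in the requester commitment")
    local = [t for t, c in target[kind].items() if c == concept]
    if len(local) != 1:  # missing or ambiguous on the provider side
        raise UnmappedTerm(f"concept {concept!r} maps to {len(local)} provider terms")
    return local[0]

def interpret(request, source=SR_COMMITMENT, target=SP_COMMITMENT):
    """Rewrite the requester's attribute names and values into provider terms."""
    action, resource, attrs = request
    translated = {
        _translate(n, "attr", source, target): _translate(v, "value", source, target)
        for n, v in attrs.items()
    }
    return action, resource, translated

# Provider-side rule, written only in the provider's own vocabulary.
SP_POLICY = [("read", "patient-record", {"role": "doctor", "unit": "cardiology-ward"})]

def decide(request):
    """PDP stand-in: permit on a full rule match; unmapped terms fail closed."""
    try:
        action, resource, attrs = interpret(request)
    except UnmappedTerm:
        return "Deny"
    for a, r, required in SP_POLICY:
        if (a, r) == (action, resource) and all(
            attrs.get(k) == v for k, v in required.items()
        ):
            return "Permit"
    return "Deny"
```

The first case on slide 5 (shared attribute names, different values) is the same flow with identical "attr" tables on both sides.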
