Security is a crucial concern for commercial and mission critical applications in Web-based environments. In our model, context information associated with Access Control management policies is defined according to basic operators that can be represented using the Web Ontology Language. Standard inference procedures of Description Logics are being used to check the consistency of context information referred to by policy conditions and, more interestingly, to pre-process context information for grounding policy propagation and enabling conflict resolution. In this paper, we extend the model to encompass part-of relations between entities in context descriptions and, consequently, revise the policy propagation criteria being applied to the model to take into account the newly introduced relations. Finally, we exemplify modality conflicts arising from part-of relations, a category of extensional conflicts (i.e., inconsistencies related to individuals) that cannot be foreseen by looking at the terminology underlying context information.
Extending context descriptions in semantics-aware access control / E. Damiani, S. De Capitani di Vimercati, C. Fugazza, P. Samarati (LECTURE NOTES IN COMPUTER SCIENCE). - In: Information Systems Security / [a cura di] A. Bagchi, V. Atluri. - Berlin : Springer, 2006. - ISBN 9783540689621. - pp. 162-176 (( Intervento presentato al 2. convegno International Conference on Information Systems Security (ICISS) tenutosi a Calcutta nel 2006.
Extending context descriptions in semantics-aware access control
E. DamianiPrimo
;S. De Capitani di VimercatiSecondo
;C. FugazzaPenultimo
;P. SamaratiUltimo
2006
Abstract
Security is a crucial concern for commercial and mission critical applications in Web-based environments. In our model, context information associated with Access Control management policies is defined according to basic operators that can be represented using the Web Ontology Language. Standard inference procedures of Description Logics are being used to check the consistency of context information referred to by policy conditions and, more interestingly, to pre-process context information for grounding policy propagation and enabling conflict resolution. In this paper, we extend the model to encompass part-of relations between entities in context descriptions and, consequently, revise the policy propagation criteria being applied to the model to take into account the newly introduced relations. Finally, we exemplify modality conflicts arising from part-of relations, a category of extensional conflicts (i.e., inconsistencies related to individuals) that cannot be foreseen by looking at the terminology underlying context information.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
