Ontology Based Access Control

As computer technologies become pervasive, the need for access control mechanisms grows. The purpose of access control is to limit the operations that a user of a computer system can perform. Access control thereby prevents activities that could lead to a security breach. The Semantic Web uses formal semantics to let machines communicate with other machines so that information can be shared and reused, and its success depends on access control mechanisms. To provide a secure Semantic Web, an access control mechanism specifies the constraints that a user must satisfy before performing an operation. In this work, unlike traditional access control mechanisms, an "Ontology Based Access Control" mechanism has been developed using Semantic Web based policies. In this mechanism, ontologies are used to model access control knowledge, and domain knowledge is the basis for creating policy ontologies.
