Presentation is loading. Please wait.

Presentation is loading. Please wait.

ROWLBAC – Representing Role Based Access Control in OWL

Published byNathaniel Harding Modified over 10 years ago

Similar presentations

Presentation on theme: "ROWLBAC – Representing Role Based Access Control in OWL"— Presentation transcript:

1 ROWLBAC – Representing Role Based Access Control in OWL
Tim Finin, Anupam Joshi, UMBC Lalana Kagal, MIT Jianwei Niu, Ravi Sandhu, William Winsborough, UTSA Bhavani Thuraisingham, UTD

2 Our Thesis Semantic Web technology provides an good framework for enhancing interoperability and portability of authorization policy We show how RBAC can be supported by OWL (Web Ontology Language)

3 Why RBAC? Role Based Access Control NIST Standard Real world success
Extensive academic study

4 What is OWL? OWL A family of knowledge representation languages
Based on Description Logic (DL) XML-based representation in Resource Description Framework (RDF) W3C standard Widely used for defining domain vocabularies called ontologies Used for developing policy languages for Web

5 Why Support RBAC in OWL? OWL has features needed in distributed, decentralized environments Cooperating organizations have their own native schemas and data models OWL provides an appropriate framework in which to agree on and specify ontologies for roles, actions, and resources Class hierarchy and other ontological restrictions make OWL particularly effective Cardinality and disjointness Grounding in logic facilitates translating among formalisms for analysis or execution

6 Outline RBAC in OWL Additional stuff in the paper: Basics
Two approaches to representing roles Each has its own rbac ontology Domain-specific ontologies Additional stuff in the paper: Attribute-based Access Control (ABAC) in OWL Role-based Trust management (RT) and its security analysis in OWL

7 RBAC in OWL: RBAC Ontology Basics
Actions Subjects Objects

8 RBAC in OWL: Representing Roles
Two approaches to representing roles Roles as classes Roles as values Each approach is supported by its own ontology Differ in generality of queries that DL reasoning can support

9 Roles as Classes Each RBAC role is represented by two OWL classes:
Static assignment to the role (e.g., PermanentResident) Dynamic activation of the role (e.g., ActivePermanentResident) These each have two parent classes: For each RBAC role, the domain-specific ontology has two classes, <RoleName> and <ActiveRoleName>

10 Roles as Classes OWL specification assigns static and activated roles
Role hierarchy is represented using the class hierarchy

11 Roles as Classes Role hierarchy is represented upside down by class hierarchy

12 Roles as Classes Separation of duty
OWL directly supports ssod and dsod via the OWL property, disjointWith

13 Roles as Classes Permitted and prohibited subclasses of actions
Each action is an instance of exactly one subclass PEP can query which one a given action belongs to

14 Roles as Classes Permission-role assignments are supported via rbac:PermittedAction Domain-specific ontology example:

15 Consider all currently active roles
Roles as Classes Enforcing dsod constraints User attempts to create a ActivateRole action Consider all currently active roles

16 Roles as Values Roles are modeled as instances of a generic Role class

17 Roles as Values Example:

18 Roles as Values Role hierarchy RBAC ontology:
Domain-specific ontology:

19 Roles as Values Reasoning about inheritance

20 Roles as Values Separation of duty RBAC ontology:
Domain-specific ontology:

21 Roles as Values Detecting separation of duty violations

22 Roles as Values Permission-role assignment RBAC ontology:
Domain-specific ontology:

23 Roles as Values Determining whether an action is permitted

24 Comparison of Approaches
Roles-as-classes supports more general queries Can ask whether a specific user can access a specific resource But, can also ask whether all members of a given role can access a class of resources Roles-as-values Can only ask whether a specific user can access a specific resource Domain-specific ontologies for roles as values is simpler

25 Changing State Changes in the RBAC system have to be modeled by changing the set of OWL clauses Adding clauses can be done efficiently Adding a user to a role A user activating a role Removing clauses can lead to a lot of reevaluation Removing a user from a role A user deactivating a role

26 Other Stuff The paper also talks about supporting
Attribute Based Access Control Object attributes such as location Partial support of Role-based Trust management (RT) Partial support of security analysis in RT

27 Conclusion OWL provides many features that support RBAC, ABAC, RT, and security analysis It also easily supports nice extensions Class hierarchy of objects Reasons The logical semantics of OWL Powerful features such as transitive properties, class hierarchy, cardinality constraints, disjoint classes, equivalent classes

Download ppt "ROWLBAC – Representing Role Based Access Control in OWL"

Similar presentations

CH-4 Ontologies, Querying and Data Integration. Introduction to RDF(S) RDF stands for Resource Description Framework. RDF is a standard for describing.

CH-4 Ontologies, Querying and Data Integration. Introduction to RDF(S) RDF stands for Resource Description Framework. RDF is a standard for describing.
Chronos: A Tool for Handling Temporal Ontologies in Protégé

Chronos: A Tool for Handling Temporal Ontologies in Protégé
Semantic Web Thanks to folks at LAIT lab Sources include :

Semantic Web Thanks to folks at LAIT lab Sources include :
Dr. Bhavani Thuraisingham February 18, 2011 Building Trustworthy Semantic Webs RDF and RDF Security.

Dr. Bhavani Thuraisingham February 18, 2011 Building Trustworthy Semantic Webs RDF and RDF Security.
The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.

The RBAC96 Model Prof. Ravi Sandhu. 2 © Ravi Sandhu WHAT IS RBAC?  multidimensional  open ended  ranges from simple to sophisticated.
Of 27 lecture 7: owl - introduction. of 27 ece 627, winter ‘132 OWL a glimpse OWL – Web Ontology Language describes classes, properties and relations.

Of 27 lecture 7: owl - introduction. of 27 ece 627, winter ‘132 OWL a glimpse OWL – Web Ontology Language describes classes, properties and relations.
Building and Analyzing Social Networks Web Data and Semantics in Social Network Applications Dr. Bhavani Thuraisingham February 15, 2013.

Building and Analyzing Social Networks Web Data and Semantics in Social Network Applications Dr. Bhavani Thuraisingham February 15, 2013.
Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.

Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.
From SHIQ and RDF to OWL: The Making of a Web Ontology Language

From SHIQ and RDF to OWL: The Making of a Web Ontology Language
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.

11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
A Really Brief Crash Course in Semantic Web Technologies Rocky Dunlap Spencer Rugaber Georgia Tech.

A Really Brief Crash Course in Semantic Web Technologies Rocky Dunlap Spencer Rugaber Georgia Tech.
Ontology Development Kenneth Baclawski Northeastern University Harvard Medical School.

Ontology Development Kenneth Baclawski Northeastern University Harvard Medical School.
A Modeling Language to Model Norms Karen Figueiredo Viviane Torres da Silva Universidade Federal Fluminense (UFF)

A Modeling Language to Model Norms Karen Figueiredo Viviane Torres da Silva Universidade Federal Fluminense (UFF)
Deploying Trust Policies on the Semantic Web Brian Matthews and Theo Dimitrakos.

Deploying Trust Policies on the Semantic Web Brian Matthews and Theo Dimitrakos.
CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models Bernard Stepien, University of Ottawa Hemanth Khambhammettu Kamel.

CatBAC: A Generic Framework for Designing and Validating Hybrid Access Control Models Bernard Stepien, University of Ottawa Hemanth Khambhammettu Kamel.
INF 384 C, Spring 2009 Ontologies Knowledge representation to support computer reasoning.

INF 384 C, Spring 2009 Ontologies Knowledge representation to support computer reasoning.
The Semantic Web William M Baker

The Semantic Web William M Baker
Building an Ontology of Semantic Web Techniques Utilizing RDF Schema and OWL 2.0 in Protégé 4.0 Presented by: Naveed Javed3339917 Nimat Umar3431072 Syed.

Building an Ontology of Semantic Web Techniques Utilizing RDF Schema and OWL 2.0 in Protégé 4.0 Presented by: Naveed Javed Nimat Umar Syed.

Similar presentations

Ads by Google