Ontology Based Hybrid Access Control for Automatic Interoperation

  • Yuqing Sun
  • Peng Pan
  • Ho-fung Leung
  • Bin Shi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4610)


Semantic interoperation and service sharing have been accepted as efficient means to facilitate collaboration among heterogonous system applications. However, extensibility and complexity are still crucial problems in supporting multi-level automatic collaborations across dynamically changed domains. In this paper, we propose the ontology based hybrid access control model. It introduces the concept of Industry Coalition, which defines the common ontology and servers as the portal of an application domain for public. By mapping local authorizations to the common ontology, an enterprise can efficiently tackle the problems of automatic interoperation across heterogonous systems in the Coalition, as well as of the general requests from dynamically changed exterior collaborators not belonging to the Coalition. Several algorithms are also proposed to generate authorization mappings and maintain security constraints consistent. To illustrate our model, an example of property right exchange is given and experiment results are discussed.


Access Control Model Semantic Interoperation Role Base Access Control Security Constraint Local Authorization 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ferraiolo, D., Barkley, J., Kuhn, R.: A Role-Based Access Control and Reference Implementation within a Corporate Intranet. ACM TISSEC 2, 34–64 (1999)CrossRefGoogle Scholar
  2. 2.
    Park, J., Sandhu, R., Ahn, G.: Role-based Access Control on the Web. ACM TISSEC 4, 37–71 (2001)CrossRefGoogle Scholar
  3. 3.
    Tekeda, H., Iwata, K., Takaai, M., Sawada, A., Nishida, T.: An ontology-Based Cooperative Environment for Real World Agents. Int. Conf. of Multi-agent Systems, pp. 353–360 (1996)Google Scholar
  4. 4.
    Park, J.S.: Towards Secure Collaboration on the Semantic Web. ACM SIGCAS Computers and Society 33, 1–10 (2003)CrossRefGoogle Scholar
  5. 5.
    Bertino, E., Fan, J.P., Ferrari, E., Hacid, M.S., Elmagarmid, A.K., Zhu, X.Q.: A hierarchical access control model for video database systems. ACM TOIS 21, 155–191 (2003)CrossRefGoogle Scholar
  6. 6.
    Pan, C.C., Mitra, P., Liu, P.: Semantic Access Control for Information Interoperation. In: Proc. of SACMAT 2006, Lake Tahoe, California, USA, pp. 237–246 (2006)Google Scholar
  7. 7.
    Ram, S., et al.: Semantic Conflict Resolution Ontology: An Ontology for Detecting and Resolving Data and Schema-level Semantic Conflicts. IEEE TKDE 16, 189–202 (2004)Google Scholar
  8. 8.
    Mitra, P., Pan, C.C., Liu, P., Vijayalakshmi, A.: Privacy-preserving semantic interoperation and access control of heterogeneous databases. In: Proc. of ASIACCS, pp. 66–77 (2006)Google Scholar
  9. 9.
    Yague, M.I., Gallardo, M., Mana, A.: Semantic Access Control Model: A Formal Specification. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 24–43. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Li, Q., Vijayalakshmi, A.: Concept-level access control for the Semantic Web. In: Proc. of the ACM workshop on XML security, Fairfax, Virginia, pp. 94–103 (2003)Google Scholar
  11. 11.
    Trastour, D., Preist, C., Coleman, D.: Using Semantic Web technology to Enhance Current Business-to-Business Integration Approaches. In: Proc of EDOC, pp. 222–231 (2003)Google Scholar
  12. 12.
    van der Vet, P.E., Mars, N.J.I.: Bottom-Up Construction of Ontologies. IEEE TKDE 10, 513–526 (1998)Google Scholar
  13. 13.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Rose-Based Access Control Model. IEEE Computer 29, 38–47 (1996)Google Scholar
  14. 14.
    Shafiq, B., Joshi, J.B.D., Bertino, E., Ghafoor, A.: Secure Interoperation in a Multidomain Environment Employing RBAC Policies. IEEE TKDE 17, 1557–1577 (2005)Google Scholar
  15. 15.
    Sun, Y.Q., Pan, P.: PRES—A Practical Flexible RBAC Workflow System. In: Proc. of 7th International Conference on Electronic Commerce, pp. 653–658 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Yuqing Sun
    • 1
  • Peng Pan
    • 1
  • Ho-fung Leung
    • 2
  • Bin Shi
    • 1
  1. 1.School of Computer Science and Technology, Shandong University, 250100 JinanChina
  2. 2.Department of Computer Science and Engineering, The Chinese University of Hong Kong, Hong KongChina

Personalised recommendations