4. ANÁLISIS A POSTERIORI DE LA ORGANIZACIÓN DIDÁCTICA
4.5 ANÁLISIS A POSTERIORI DE LA ACTIVIDAD 5
4.5.1 Análisis a posteriori de la actividad 5.1 Evaluación escrita
context (oc), based on Larsa’sAtCampusStudent. Let’s call thisF inalizingT AStudent, and is given as follows:
F inalizingT AStudent≡Contextu(U seru ∃hasID.IDentity
u ∃hasRole.Role{Student} u ∃hasGroup.Group
{ActiveStudents})u(Environment{W orkingEnvrnt} u ∃hasLocation.Location{U nivCampus})u(T Element
{W orkingT ime} u ∃hasT ime{xsd :dateT ime
[≥2019−09−01T08 : 00 : 00,≤2018−09−14
T17 : 00 : 00]})u ∃hasObligation.(Obligationu ∃hasObligID.ObligID) (6.6) This axiom represents the reference obligation context. We should note that this context can be written as:
F inalizingT AStudent≡Contextu ∃hasObligation.(Obligationu ∃hasObligID.
ObligID) (6.7)
F inalizingT AStudent{Larsa} ≡Contextu(U ser{Larsa} u ∃
hasID.IDentity{Srudent563} u ∃hasRole.Role
{Student} u ∃hasGroup.Group{ActiveStudents})u
(Environment{W orkingEnvrnt} u ∃hasLocation
.Location{U nivCampus})u(T Element{W orkingT ime} uhasT ime.T ime_Instance{xsd:dateT ime
[2019−09−05T14 : 23 : 00]})u ∃hasObligation.({obl1}
hasObligID.ObligID{ObligAAA569}) (6.8)
This concept states that Larsa is under F inalizingT AStudent at time 2:23 pm on September 5, 2019, if she is under theAtCampusStudentcontext and has an obligation obl1with an IDObligAAA569. One distinguishing property of our obligation approach is that it partially depends on the context of the user. This is because the obligation specifi- cation depends on the user’s context, i.e., the obligation axiom has one important element which is user context. Using the obligation axiom and the context under which the user operates, a new context is automatically derived to serve as a new context which we already call the obligation context (oc) to recognize it from ordinary context. Figure 6.5 illustrates this dependency. Now assume we have following obligation business rule: The policy rule
Table 6.1: Obligation rule for the running example.
No. Rule
Rule: A student who is with con- text F inalizingT AStudent can finalize the on-line TA ap- plication.
Figure 6.5: Context-Obligation Dependency.
for this business rule is specified using Jena rule as follow (rule 6.9):
[rule:
(?r rdf :type cbac:Request)
(?r ctx:hasT ype oblig :T A f inalize) (?r cbac:hasSubject ?s)
(?s rdf :type oblig :F inalizingT AStudent) (?r cbac:hasResource ?rs)
(?r cbac:hasDecision ?d)
−>(?d cbac:hasEf f ect cbac:P ermit)]
(6.9)
6.4 CHECKINGOBLIGATIONSTATES
One of the crucial tasks in obligation is how to define and track its states. For temporal states (transient or persistent), we let the system determine these states. In our implemen- tation, we assign random values to them during program execution. For operational states, however, it is important to specify these states precisely and be able to devise a method
for monitoring their transitions. We have three major operational states (some researchers might add to these three states). We use SWRL (Semantic Web Rule Language) to specify and trigger operational state transitions. These are as follows:
• Fulfilled: An obligation is Fulfilled when its satisfaction conditions are met by the subject. For example, when the credit card holder submits a monthly fee in full before the due date, there will be no additional charge on her/his card. The SWRL rule below specifies a fulfillment condition for a fulfilled obligation:
Obligation(?x)∧hasT F rame(?x,?g)∧withST ime(?g,?g1)
∧withET ime(?g,?g2)∧isReletedT o(?x,?z)∧obligedOn(?x,?y)
∧obligedT oDo(?y,?z)∧of T ype(?z,?s)∧swrlb:
stringEqualIgnoreCase(?s,”submit_T A_receipt”)∧AtCampusStudent(?y)
∧hasT Element(?y,?y1)∧hasT ime(?y1,?t)∧swrlb:
lessT hanOrEqual(?t,?g2)∧swrlb:greaterT hanOrEqual(?t,?g1)
−> F ulf illed(?x)
• Pending: Obligation can be in Pending state in two situations: The action requested by a subject is issued in before the start time of the obligation. For example, if the current date is September 2 2019, and the policy says that starting from September 5 2019, 10:00 am, a tenant should pay a service fee of $45. The SWRL rule below specifies a pending condition for a pending obligation, where t2 is a variable that holds current time. Also, the action requested by a subject may not related to the
obligation, but the due date/time of the obligation is still valid (does not elapse yet).
Obligation(?x)∧hasT F rame(?x,?g)∧withST ime(?g,?g1)
∧withET ime(?g,?g2)∧isRelatedT o(?x,?z)∧obligedOn(?x,?y)
∧obligedT oDo(?y,?z)∧of T ype(?z,?s)∧swrlb:
stringEqualIgnoreCase(?s,”submit_T A_receipt”)∧
AtCampusStudent(?y)∧hasT Element(?y,?y1)∧hasT ime(?y1,?t)∧
swrlb:lessT hanOrEqual(?t,?g2)∧swrlb:greaterT hanOrEqual(?t,?g1)
CurrentT ime(?t2)∧ctx−lite:hasT ime(?t2,?t3)
∧swrlb:lessT han(?t3,?g2)−> P ending(?x)
The SWRL rule below recognizes this case:
Obligation(?x)∧hasT F rame(?x,?g)∧withST ime(?g,?g1)
∧withET ime(?g,?g2)∧isRelatedT o(?x,?z)∧obligedOn(?x,?y)
∧obligedT oDo(?y,?z)∧of T ype(?z,?s)∧swrlb:
stringEqualIgnoreCase(?s,”submit_T A_receipt”)∧AtCampusStudent(?y)
∧hasT Element(?y,?y1)∧hasT ime(?y1,?t)∧swrlb:
lessT hanOrEqual(?t,?g2)∧swrlb:greaterT hanOrEqual(?t,?g1)
CurrentT ime(?t2)∧ctx−lite:hasT ime(?t2,?t3)
∧swrlb:lessT han(?t3,?g2)−> P ending(?x)
date/time of the obligation is invalid (already elapsed).
Obligation(?x)∧hasT F rame(?x,?g)∧withST ime(?g,?g1)
∧withET ime(?g,?g2)∧isReletedT o(?x,?z)∧obligedOn(?x,?y)
∧obligedT oDo(?y,?z)∧of T ype(?z,?s)∧swrlb:
stringEqualIgnoreCase(?s,”submit_T A_receipt”)∧AtCampusStudent(?y)
∧hasT Element(?y,?y1)∧hasT ime(?y1,?t)∧swrlb:
lessT hanOrEqual(?t,?g2)∧swrlb:greater(?t,?g1)
−> V iolated(?x)
We should note that for all situations that need to delete instance from the knowledge base, we use Java-based API’s to achieve them. This is due to the inability of Semantic- Web technologies to do that alone.
6.5 IMPLEMENTATION
Our obligation implementation is carried out on Windows 8.1 machine with 1.9 GHz CPU, 4 GB RAM and 500 GB HDD. After designing our system ontologies, we use the on-line Freedatagenerator to generate unduplicated data instances in the form of excel sheets. Then we use Cellfie plug-in for Protègè to assert these instances to the model ontologies. The rules used for this purpose are based on Java Script Object Notation (JSON) [28]. For example, we use the following JSON rule to assert instances and set their type to T hing OWL class (most general class in OWL language). Then this rule links those instances with other instances using the object properties obligedOn, hasObligID, hasT Status, withDuration, andhasT F rame, in addition to a data propertyisU serOblig.
{"Collections":[{"sheetName":"Sheet1","startColumn":"A","endColumn":"A", "startRow":"2","endRow":"+","comment":"","rule": Individual: @H*
Facts: obligedOn @N*, hasObligID @M*, hasTStatus @A*, withDuration @L*, hasTFrame @O*,
isUserOblig @E* (xsd:boolean)}]}
The obligation’s state checking and transition are implemented using SWRL rules as described above. When executed, these rules transit the obligation operational status from state to state if the conditions of the transition are met. Because obligation express future conditions that may not exist in the present time (the time of a request), we randomly generate events (actions-based or temporal) that trigger obligation policies. These events are generated using our Java application and fed into the model ontologies. After DL- reasoning is complete, the execution of SWRL rules follows. These two steps derive all the deductions needed to make the authorization decision. Figure 6.6 shows the results of our obligation approach simulation. It displays the time needed for different number of obligations’ enforcement. In Figure 6.7, we display the number of DL axioms required to encode the different number of obligations.
Figure 6.7: Number of Obligations versus Number of Axioms Processing Time.
We should note that our obligation enforcement does not change the CBAC authoriza- tion framework we present in Chapter 4. One note about obligation enforcement is that any access granted before activating the obligation can not be tracked back and be obligated (there is no means to impose obligations on the already granted privileges).
CHAPTER
7
CONCLUSIONS AND
FUTURE
WORK
Several researchers have proposed access control strategies for protecting resources on the networks. However, in dynamic environments, where subjects and resources are dynami- cally changing their conditions, in addition to the changes in time and sensors’ updates, an adaptable access control is needed.
We have shown that implementing a context-based authorization using semantic-based techniques can provide an adaptable mechanism that satisfies the heterogeneity, dynamicity and variability properties of dynamic environments. We also have shown that designing context delegation mechanisms is feasible using semantic-based techniques. Furthermore, we have shown that engaging obligation-based access policies into context-based access control systems can be achieved using the same semantic-based techniques and we show that involving obligation with CBAC does not change the basic design of the context-based authorization framework. We also showed that these mechanisms can be developed to be sound and adhere to the Least-Privilege principle.
In brief, we develop an authorization Context-Based Access Control framework to sat- isfy the requirements inherently exist in dynamic environments. We also devise mecha- nisms that provide delegation and obligation services. Our contribution can be summarized in the following points:
• We develop specifications for a Context-Based Access Control policy language us- ing OWL-DL and Jena rules. This specification is used to develop the authorization framework that satisfies the dynamic environment requirements. In our framework, we separate context operations from access authorization operations to reduce pro-
cessing time for distributed networks’ devices and to gain modularity and flexibility. • We develop a prototype implementation for our framework and show the results of the implementation. We provide complexity analysis for the authorization framework in its response to the requests and contrast the complexity against possible optimiza- tion that can be applied on the framework. In Brief, we conclude this dissertation in the following:
• We develop two context delegation mechanisms, GRANT and TRANSFER. In GR- ANT delegation, a successful delegation operation allows delegated privileges to be available to both the delegator and delegatee. In TRANSFER delegation, delegated privileges are no longer available to the delegator.
• We build a semantic-based obligation mechanism and engage it within our authoriza- tion framework. The mechanism associates the obligations with contexts depending on the relatedness of the obligation to the request.
Future work can extend on the authorization, delegation and obligation mechanisms, using the following directions:
• An interesting future direction is to incorporate trust management into our frame- work. We plan to study the impact of honesty, trust level and trust negotiation con- cepts on obligation and delegation mechanisms. For example, we can measure the trust level of both the delegator and the delegatee. If they are equal or the trust level of the delegatee is bigger than that of the delegator, delegation process proceeds, otherwise, delegation request is denied.
• In our current work, we use the full context delegation to assign complete authoriza- tion privilege to a delegatee. A promising future work will be to delegate a subcon- text to assign sub-privilege to a delegatee. For example, assume that the contextC consists of subcontexts C1, C2 and C3 such that C is the full context and is given
as C=C1uC2uC3. Assume that a holder of context C1 can access resources r1,r2,
holder of contextC2can access resourcer3, and a holder of contextC31can access
resourcer4,r5. Hence, holder of contextC can access resourcesr1,r2,r3,r4 andr5.
If a delegator wants to delegate her/his privilege to accessr3to a delegatee, then (s)he
needs only to delegate subcontextC2and not the full contextC. This approach prop-
agates access privileges within one domain or across multiple domains. Delegating subcontexts will also support recognition of the most frequently used subcontexts and we can materialize them so that they will be available for use without the need to redo the reasoning process.
• Investigating deployment options for our framework is also another future direction. CBAC engine can be deployed on the same machine as context manager if they are to be used within a small domain. If they are to be deployed separately for multiple domains or for large domain, then an authentication service is needed between the CBAC engine and the context manger. The responsibility of this service is to pro- vide identity checking via authentication service between the CBAC engine and the context manager to prevent impersonation attacks.
BIBLIOGRAPHY
[1] Connected services: http://www.buick.com/4g-lte-in-car-wifi. html, (Date last accessed 27-December-2016).
[2] freedatagenerator: http://freedatagenerator.com/, (Date last accessed 27-December-2017).
[3] Good ontologies: https://www.w3.org/wiki/Good_Ontologies, (Date last accessed 15-February-2018).
[4] F. Baader, D. Calvanese, D. McGuinness, P. Patel-Schneider, and D. Nardi,The de- scription logic handbook: Theory, implementation and applications, Cambridge uni- versity press, 2003.
[5] D. Barbieri, D. Braga, S. Ceri, E. Della Valle, and M. Grossniklaus, Incremental reasoning on streams and rich background knowledge, Extended Semantic Web Con- ference, Springer, 2010, pp. 1–15.
[6] E. Bark and R. Sandhu, Framework for role-based delegation models, Proceedings of the 16th Annual Computer Security Applications Conference (Washington, DC, USA), IEEE Computer Society, 2000, pp. 168–176.
[7] P. Bellavista, A. Corradi, R. Montanari, and C. Stefanelli,Context-aware middleware for resource management in the wireless internet, IEEE Transactions on Software Engineering29(2003), no. 12, 1086–1099.
[8] P. Bellavista and R. Montanari,Context awareness for adaptive access control man- agement in iot environments, Security and Privacy in Cyber-Physical Systems: Foun- dations, Principles and Applications (2017), 157–178.
[9] T. Berners-Lee, J. Hendler, and O. Lassila, The semantic web, Scientific American 284(2001), no. 5, 34–43.
[10] C. Bettini, S. Jajodia, X. Wang, and D. Wijesekera, Provisions and obligations in policy management and security applications, Proceedings of the 28th international conference on Very Large Data Bases, VLDB Endowment, 2002, pp. 502–513.
[11] R. Bhatti, E. Bertino, and A. Ghafoor, A trust-based context-aware access control model for web-services, Distributed and Parallel Databases18(2005), no. 1, 83–105.
[12] L. Chen, J. Crampton, M. Kollingbaum, and T. Norman, Obligations in risk-aware access control, Privacy, Security and Trust (PST), 2012 Tenth Annual International Conference on, IEEE, 2012, pp. 145–152.
[13] C. Civili, M. Console, D. G. Giuseppe, D. Lembo, M. Lenzerini, L. Lepore, R. Mancini, A. Poggi, R. Rosati, M. Ruzzi, V. Santarelli, and D. F. Savo, Mastro studio: Managing ontology-based data access applications, Proc. VLDB Endow.6 (2013), no. 12, 1314–1317.
[14] J. Cole, J. Derrick, Z. Milosevic, and K. Raymond,Author obliged to submit paper before 4 july: Policies in an enterprise specification, Policies for Distributed Systems and Networks, Springer, 2001, pp. 1–17.
[15] A. Corradi, R. Montanari, and D. Tibaldi,Context-based access control for ubiquitous service provisioning, 28th International Computer Software and Applications Con- ference (COMPSAC 2004), Design and Assessment of Trustworthy Software-Based Systems, 27-30 September 2004, Hong Kong, China, Proceedings, 2004, pp. 444– 451.
[16] M. Covington, W. Long, S. Srinivasan, A. Dey, M. Ahamad, and G. Abowd,Securing context-aware applications using environment roles, Proceedings of the sixth ACM symposium on Access control models and technologies, ACM, 2001, pp. 10–20. [17] M. Covington, M. Moyer, and M. Ahamad,Generalized role-based access control for
securing future applications, Tech. report, Georgia Institute of Technology, 2000.
[18] M. Covington and M. R. Sastry, A contextual attribute-based access control model, OTM Confederated International Conferences" On the Move to Meaningful Internet Systems", Springer, 2006, pp. 1996–2006.
[19] J. Crampton and H. Khambhammettu,Delegation in role-based access control, Inter- national Journal of Information Security7(2008), no. 2, 123–136.
[20] N. Damianou, N. Dulay, E. Lupu, and M. Sloman, The ponder policy specification language, Policies for Distributed Systems and Networks, Springer, 2001, pp. 18–38.
[21] P. K. Das, S. N. Narayanan, N. K. Sharma, A. Joshi, K. P. Joshi, and T. Finin,Context- sensitive policy based security in internet of things, 2016 IEEE International Confer-
ence on Smart Computing, SMARTCOMP 2016, St Louis, MO, USA, May 18-20, 2016, 2016, pp. 1–6.
[22] D. Denning,A lattice model of secure information flow, Communications of the ACM 19(1976), no. 5, 236–243.
[23] A. Dersingh, R. Liscano, and A. Jost, Context-aware access control using semantic policies, Ubiquitous Computing and Communication Journal (UBICC) (2008), 19– 32.
[24] Y. Elrakaiby, F. Cuppens, and N. Cuppens-Boulahia,Formal enforcement and man- agement of obligation policies, Data & Knowledge Engineering 71 (2012), no. 1, 127–147.
[25] D. Ferraiolo and R. Kuhn, Role-based access control. 15th nist-ncsc national com- puter security conference, Gaithersburg, MD (1992), 554–563.
[26] T. Finin, A. Joshi, L. Kagal, J. Niu, R. Sandhu, W. Winsborough, and B. Thurais- ingham, Rowl bac: representing role based access control in owl, Proceedings of the 13th ACM symposium on Access control models and technologies, ACM, 2008, pp. 73–82.
[27] N. Fornara,Specifying and monitoring obligations in open multiagent systems using semantic web technology, Semantic agent systems, Springer, 2011, pp. 25–45.
[28] J. Friesen,Java xml and json, document processing for java se, APress, 2019.
[29] A. Grigoris and H. Frank van,A semantic web primer, 2nd edition (cooperative infor- mation systems), 2 ed., The MIT Press, 2008.
[30] B. Grosof, I. Horrocks, R. Volz, and S. Decker, Description logic programs: com- bining logic programs with description logic, Proceedings of the 12th international conference on World Wide Web, ACM, 2003, pp. 48–57.
[31] S. Gusmeroli, S. Piccione, and D. Rotondi,A capability-based security approach to manage access control in the internet of things, Mathematical and Computer Mod- elling58(2013), no. 5-6, 1189–1205.
[32] C. Gutierrez, C. Hurtado, A. Mendelzon, and J. Pérez,Foundations of semantic web databases, Journal of Computer and System Sciences77(2011), no. 3, 520–541.
[33] M. Harrison, W. Ruzzo, and J. Ullman,Protection in operating systems, Communi- cations of the ACM19(1976), no. 8, 461–471.
[34] H. Ter Herman, Completeness, decidability and complexity of entailment for rdf schema and a semantic extension involving the owl vocabulary, Web Semantics: Sci- ence, Services and Agents on the World Wide Web3(2005), no. 2-3, 79–115. [35] M. Hilia, A. Chibani, T. Winter, and K. Djouani,Semantic based authorization frame-
work for multi-domain collaborative cloud environments, vol. 109, Elsevier, 2017, pp. 718–724.
[36] M. Hilty, D. Basin, and A. Pretschner,On obligations, European Symposium on Re- search in Computer Security, Springer, 2005, pp. 98–117.
[37] P. Hitzler, M. Krötzsch, and S. Rudolph,Foundations of semantic web technologies, Chapman and Hall/CRC Press, 2010.
[38] J. Hobbs and F. Pan,An ontology of time for the semantic web,3(2004), no. 1, 66–85. [39] I. Horrocks, O. Kutz, and U. Sattler, The even more irresistible sroiq, Knowledge
Representation6(2006), 57–67.
[40] Internationalized Resource Identifiers, The internet engineering task force (ietf).[online] http://www. w3. org/tr/2009/rec-owl2-primer-20091027/# ref-rfc-3987, Tech. report, RFC 3987.
[41] L. Kagal, T. Berners-Lee, D. Connolly, and D. Weitzner, Self-describing delegation networks for the web, Policies for Distributed Systems and Networks, 2006. Policy 2006. Seventh IEEE International Workshop on, IEEE, 2006, pp. 10–pp.
[42] L. Kagal, O. Lassila, A. Toninelli, and R. Montanari,Proteus: A semantic context- aware adaptive policy model, 8th IEEE International Workshop on Policies for Dis- tributed Systems and Networks (POLICY 2007), 13-15 June 2007, Bologna, Italy, 2007, pp. 129–140.
[43] A. Kayes, J. Han, and A. Colman, A semantic policy framework for context-aware access control applications, Trust, Security and Privacy in Computing and Com- munications (TrustCom), 2013 12th IEEE International Conference on, IEEE, 2013, pp. 753–762.
[44] Y. Kazakov and P. Klinov,Incremental reasoning in owl el without bookkeeping, In- ternational semantic web conference, Springer, 2013, pp. 232–247.
[45] N. Kodali, C. Farkas, and D. Wijesekera, An authorization model for multimedia digital libraries, International Journal on Digital Libraries4(2004), no. 3, 139–155.
[46] I. Kollia, B. Glimm, and I. Horrocks, Sparql query answering over owl ontologies, Extended Semantic Web Conference, Springer, 2011, pp. 382–396.
[47] D. Kulkarni and A. Tripathi, Context-aware role-based access control in pervasive computing systems, Proceedings of the 13th ACM symposium on Access control models and technologies, ACM, 2008, pp. 113–122.
[48] B. Lampson,Protection, ACM SIGOPS Operating Systems Review8(1974), no. 1, 18–24.
[49] Z. Ma and H. Wang,The semantic web for knowledge and data management: Tech- nologies and practices, (2008).
[50] F. Manola, E. Miller, B. McBride, et al.,Rdf primer, W3C recommendation10(2004), no. 1-107, 6.
[51] F. Marfia, N. Fornara, and T. Nguyen, Modeling and enforcing semantic obligations for access control, Multi-Agent Systems and Agreement Technologies, Springer, 2015, pp. 303–317.
[52] B. Motik, U. Sattler, and R. Studer, Query answering for owl-dl with rules, Web Semantics: Science, Services and Agents on the World Wide Web 3 (2005), no. 1, 41–60.
[53] M. Musen et al., The protégé project: a look back and a look forward, AI matters1 (2015), no. 4, 4.
[54] S. Osborn and D. Servos,Strategies for incorporating delegation into attribute-based access control (abac), International Symposium on Foundations and Practice of Se-