REPRESENTING ACCESS CONTROL POLICIES IN OWL

Abstract

Organizations need access control to restrict the use of information related to them. Contextual parameters play a key role to control the access to the information. However, classical access control models do not have an explicit way to include context in access control. In this thesis, we propose an extension to the existing Role Based Access Control (RBAC) system where the context parameters can also be included. We have modelled context information like time, day, location, group membership etc. The proposed framework is extensible enough to add more contextual parameters as per the need. Access control, in organizations, is driven by policies captured according to the access control model in use. There is always a need to have an automatic and adaptive access control system. In this work, we propose the representation of policies and the access control model in Web Ontology Language (OWL). This representation provides a formal way to achieve automation. We enforce these policies by making use of an inference based reasoner. This process is based on deducing additional facts from given data and leverages the semantic nature of OWL. We use this information, collectively, in making access control decisions. We also show that the proposed framework can be used in many real world organizations by demonstrating its application to academic domain. Ontologies have been written to capture different aspect of the academic system including roles, permissions and contextual parameters. As a specific example, an access control system for the examination portal at DTU has been designed and developed. This system shows how access to different webpages is governed by different contexts. The system also provides features like adding new policies and modifying existing ones. The developed system shows the potential capability of our proposed framework and can be extended to other applications as well.