Posted on 2012-09-07, 00:00. Authored by Rigel Gjomemo
An access control system can be defined as a set of policies, models and enforcement mechanisms that are used to restrict access to data and resources of an organization. This dissertation presents an approach for modeling and enforcing a context-aware access control model based on Role Based Access Control (RBAC) and Description Logic. In this approach, languages from the Semantic Web and ontologies are used to represent access control policies, and Description Logic reasoners are used to enforce those policies. To improve reasoning efficiency, a technique for ontology modularization is also presented. In addition, this dissertation presents two models for integration of policies belonging to different organizations in collaborative environments. The first model uses a Global as View approach to integrate local RBAC policies, which are treated as local data sources to be integrated. These policies are integrated in a repository, which provides a global view over them and serves as a mediator for queries regarding availability of resources and services in the local systems. We present a practical use for this model in the context of Grid Systems and the Globus toolkit. The second model deals with data represented in XML format when access to these data is specified using the Mandatory Access Control model (MAC). As the XML schemas are integrated into a common repository, the MAC policies associated with those data are also integrated in that common repository.
History
Advisor: Cruz, Isabel
Department: Computer Science
Degree Grantor: University of Illinois at Chicago
Degree Level: Doctoral
Committee Members: Sloan, Robert; Eriksson, Jakob; Venkatakrishnan, V.N.; Trajcevski, Goce