OWL-Based Representation and Enforcement of Data Access Policies

During the last years, policies have become a widespread approach for regulating access to data and managing privacy and security for a large number of multi-agent systems. The increasing amount of data, especially on the Web, requires the definition of more and more com- plex access norms, and policies seem to provide a suitable solution to this issue. A policy-based approach introduces many important features in access control, as support to dynamic change of policies at run-time, and brings benefits in terms of expressiveness, scalability, efficiency, flexibility, extensibility, context-sensitivity and verifiability. The aim of this thesis is to define a unified framework for expressing and enforcing policies, combining the standard XACML architecture and policy language with the benefits of OWL ontologies and reasoning technologies. A complete centralized architecture has been defined, and a prototype of some of its modules has been successfully developed. A working algorithm for automatically translating XACML policies into corresponding OWL axioms has been defined, together with a complete access decision procedure. Although performance issues have been encountered, promising solutions have been elaborated in order to make the framework suitable to be applied to real environments.