Using OWL and SWRL to represent and reason with situation-based access control policies

Dizza Beimel, Mor Peleg

Research output: Contribution to journal › Article › peer-review

Abstract

Access control is a central problem in confidentiality management, in particular in the healthcare domain, where many stakeholders require access to patients' health records. Situation-Based Access Control (SitBAC) is a conceptual model that allows for modeling healthcare scenarios of data-access requests; thus it can be used to formulate data-access policies, where health organizations can specify their regulations involving access to patients' data according to the context of the request. The model's central concept is the Situation, a formal representation of a patient's data-access scenario. In this paper, we present the SitBAC knowledge framework, a formal healthcare-oriented, context-based access-control framework that makes it possible to represent and implement SitBAC as a knowledge model along with an associated inference method, using OWL and SWRL. Within the SitBAC knowledge framework, scenarios of data access are represented as formal Web Ontology Language (OWL)-based Situation classes, formulating data-access rule classes. A set of data-access rule classes makes up the organization's data-access policy. An incoming data-access request, represented as an individual of an OWL-based Situation class, is evaluated by the inference method against the data-access policy to produce an 'approved/denied' response. The method uses a Description Logics (DL) reasoner and a Semantic Web Rule Language (SWRL) engine during the inference process. The DL reasoner is used for knowledge classification and for real-time realization of the incoming data-access request as a member of an existing Situation class to infer the appropriate response. The SWRL engine is used to infer new knowledge regarding the incoming data-access requests, which are required for the realization process. We evaluated the ability of the SitBAC knowledge framework to provide correct responses by representing and reasoning with real-life healthcare scenarios.

Original language: English
Pages (from-to): 596-615
Number of pages: 20
Journal: Data and Knowledge Engineering
Volume: 70
Issue number: 6
State: Published - Jun 2011

Keywords

  • Access control
  • Conceptual model
  • Knowledge framework
  • Knowledge model
  • OWL
  • SWRL

ASJC Scopus subject areas

  • Information Systems and Management
