Minghui Wu,Fanwei Zhu,Jia Lv,Tao Jiang,Jing Ying

DOI: https://doi.org/10.1109/tase.2009.50

2009-01-01

Abstract:Most current semantic web services (SWS) discovery approaches focus on the matchmaking of services in a specific description language while in practical application the advertised services are often heterogeneous and distributed. This paper proposes a metric space approach to resolve this problem in which all heterogeneous web services are modeled as metric objects regardless of concrete description languages, and thereby the discovery problem can be treated as similarity search in metric space with a uniform criterion. In the matchmaking process, both the functional semantics and non-functional semantics of the web services are integrated as selection conditions for similarity query. And two types of similarity queries: range query and an improved nearest neighbor query are combined to produce a sorted result set.

Xiyuan Chen,Yang OUYang,Miaoliang Zhu,Yan He

DOI: https://doi.org/10.1109/ICYCS.2008.407

2008-01-01

Abstract:The emerging grid infrastructure presents many challenging security issues that demand new access approach due to its inherent heterogeneity, multidomain characteristic and highly dynamic nature. In order to protect the secure sharing and coordinated use of diverse resources in distributed "virtual organizations", fine-grained access control in grid computing is therefore very necessary and important. In this paper, a semantic-aware access conrtol(SAAC) extending the RBAC with the semantic specification is proposed. Supplying semantic specification by the implementation of semantic inference engine (SIE), the administration for the applicability of users' role memberships to particular permissions is much more easy and precise. The enforcement of the SAAC model for grid application is presented. An experimental evaluation of its overheads is also described.

Shaomin Zhang,Jianwei Chen,Baoyi Wang

DOI: https://doi.org/10.1109/ICCASM.2010.5620685

2010-01-01

Abstract:This article adopts the method of role mapping, which is based on semantic to solve the problem how to access control in information integration. For the algorithm of single semantic similarity is not good in improving accuracy of similarity, a noble algorithm model is proposed, which calculates semantic similarity between concepts taking many impressive factors in ontology hierarchical relationship into consideration. The model considers information quantity of conceptive property, node depth, node density and asymmetry decided factors based on distance-based algorithm model. Hence, the model improves the accuracy of similarity. The experiment shows that the model calculates similarity of relative concepts fully using properties of ontology and includes weight-adjustable parameters. The experiment verifies that the results are more close to what is from expert judgment in aspects of deviation and compatibility.

Hu Luokai,Ying Shi,Jia Xiangyang,Zhao Kai

DOI: https://doi.org/10.6138/jit.2010.11.2.14

2010-01-01

Abstract:With the development of cloud computing, the mutual understandability among distributed Access Control Policies (ACPs) and attribute of entities has become an important issue in the security field of open distributed environment. Semantic Web technology provides the solution to semantic interoperability of heterogeneous applications. In this paper, we analysis existing access control approaches and present a new Semantics Based Cross Domain Access Control Approach with Semantic Access Control Policy Language (SACPL) for describing ACPs. Semantic access control architecture is designed to embed SACPL language and Access Control Oriented Ontology System (ACOOS) into the access control process. Using the approach presented, access control across different domains can be effectively solved through the description and management of semantic attribute. This study enriches the research that the semantic web technology is applied in the field of security, and provides a new way of thinking of access control in cloud computing.

Hua Guan,Shi Ying,Xiangyang Jia,Caoqing Jiang

DOI: https://doi.org/10.2495/isme20131191

2014-01-01

Abstract:This paper outlines the access control challenges for web services; the access control models today are mostly static and coarsely grained, and they are not well-suited for the service-oriented environments where information access is dynamic and ad hoc in nature. We proposed a uniform access control platform of web service based on semantic message (SMUACP4WS) as a new approach. SMUACP4WS uses ontology to annotate some semantic policy element, and is based on description logic to represent access control policy. We illustrate the design principle of this platform; define the format of access control's semantic message; and focus on the design of access control policy. Finally, we use a typical case of campus to illustrate the reasoning process of access control policy based on description logic representation. Through the analysis of this case, SMUACP4WS adopts the authorization mechanism flexibility and fine-grained, and has some intelligence.

Miao Liu,Dongqing Xie,Peng Li,Xunlai Zhang,Chunming Tang

DOI: https://doi.org/10.1109/NSWCTC.2009.389

2009-01-01

Abstract:To provide a reasonable, effective and easy-to-use solution approach for the supplier selection. Based on the established transporter selection synthetic index system, a fuzzy semantic distance mathematical model is obtained for selecting transporter. ...

Zhu Wei-dong

2007-01-01

Abstract:To achieve access control for semantic web services,authorization of certificates based on access control method is studied.Based on the analysis of requirements of access control for semantic web services,the access control method that combined SPKI/SDSI certificate and OWL-S ontology descriptions is proposed,which integrated the specification of access control and the descriptions of ser-vice functionality in a unified framework that is manageable and efficient.

JIANG Wei-chao,XIA Yang,HUANG Xiao

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.06.042

2005-01-01

Abstract:Web services, which adopt general protocol and technology, can be easily accessed by users and have been the research hotspot in distributed computing, but the downside of this easiness is that security is compromised. An access control system for web services is presented based on SAML and XACML, which uses SAML to single sign-on and introduces XACML to control the access of users. Based on SAML, XACML is imported to control the protected resources on web sites, and achieves the security of access control of web services.

Luokai Hu,Shi Ying,Xiangyang Jia,Kai Zhao

DOI: https://doi.org/10.1007/978-3-642-10665-1_13

2009-01-01

Abstract:With the development of cloud computing, the mutual understandability among distributed Access Control Policies (ACPs) has become an important issue in the security field of cloud computing. Semantic Web technology provides the solution to semantic interoperability of heterogeneous applications. In this paper, we analysis existing access control methods and present a new Semantic Access Control Policy Language (SACPL) for describing ACPs in cloud computing environment. Access Control Oriented Ontology System (ACOOS) is designed as the semantic basis of SACPL. Ontology-based SACPL language can effectively solve the interoperability issue of distributed ACPs. This study enriches the research that the semantic web technology is applied in the field of security, and provides a new way of thinking of access control in cloud computing.

XU Xiang-hua

2007-01-01

Abstract:Access control for Web service is a challenging problem mainly because of the properties of web services and the complexity of distributed net-environment.This paper presents a novel access control model for Web services,which introduces context parameters to control decision according to context-dependent at the time,and is context-aware.This model adopts user's attribute-based access authorization method for Web services,user responsible for proving the possession of the required attributes for the requested services by providing relevant credentials.This model resolves the emerging problem of web services,and is appropriate to a distributed and dynamic web services environment.

Zhong Chen

2008-01-01

Abstract:Based on the Semantic Web technology extends the scope of policy management, In Web access control security through the reasoning of the policy to achieve the dynamic process of adjustment, presents a Web services security visit to the multi-level policy approach, for the next generation of Web services application in a useful exploration.

HU Luo-kai,CHEN Xu,CHAI Xin,YING Shi

DOI: https://doi.org/10.3969/j.issn.1002-137X.2012.12.026

2012-01-01

Computer Science

Abstract:A multi-ontology system based access control approach for semantic Web services was proposed.First,a bridge ontology based cross-domain multi-ontology system(CDMOS),which provides a semantic model for access control of Semantic Web Service,was presented based on the distributed description logic(DDL).Secondly,on the basis of semantic access control technology,the access control model for semantic Web service was given.Finally,this paper gave the architecture of multi-ontology system based access control approach for semantic Web service and the case study of this approach.In the access control for semantic Web service,CDMOS not only provides the semantic mapping for the semantic model of security domains,but also ensures the semantic independence among the security domains.

Xia Wang,Yihong Ding,Yi Zhao

2006-01-01

Abstract:Measurement of semantic similarity between Web services is an important factor for Web service discovery, composition, and even execution. Semantic Web services (SWS) are usually specified based on ontologies. The measurement of semantic similarity between Web services thus can be reduced to computing semantic distances between ontologies. In this paper, we briefly surveyed three major existing ontology-distance-computation algorithms and enhanced them to measure the single and multiple ontolgies similarity in SWS context. Based on this survey, we summarized a new hybrid ontology-similarity-measurement methodology that measures similarity between Semantic Web Services.

Xia Wang,Yi Zhao,Wolfgang A. Halang

DOI: https://doi.org/10.1007/978-1-84996-077-9_3

2010-01-01

Abstract:The similarity of semantic web services is measured by matching service descriptions, which mostly depends on the understanding of their ontological concepts. Computing concept similarity on the basis of heterogeneous ontologies is still a problem. The current efforts only consider single hierarchical concept relations, which fail to express rich and implied information on concepts. Similarity under multiple types of concept relations as required by many application scenarios still needs to be investigated.To this end, first an original ontological concept similarity algorithm in a semantic net is proposed taking multiple concept relations into consideration, particularly fuzzy-weight relations between concepts. Then, this algorithm is employed to promote computing the similarity of semantic web services. An experimental prototype and detailed empirical discussions are presented, and the method is validated in the framework of web service selection.

Xueqin Chen,Huizhong Wu,Yaoqin Zhu

DOI: https://doi.org/10.1109/ICSICT.2008.4734715

2008-01-01

Abstract:Recently, distributed computing technologies have developed rapidly, such as web services and other XML-based technologies. Information systems enter into a wide-area distributed computing environment. For web services based information systems, the separation between functions and resources enables reusability. However, it is difficult for traditional Access control models to deal with. The security of system encounters with challenges. This paper proposes a double access control model based on attributes to achieve the access control of system functions and resources. The access control decision of functions depends on subject attributes. The decision of resources relies on three attributes': subject attributes, resources attributes and environments attributes. Consistency of access controls between functions and resources is solved by subject's attributes certificate and shared policy. Certificate proxy is utilized to achieve single sign-on, authenticate and authority in wide-area environment. Furthermore, we depict the process flow of the access control in detail. The proposed model is implemented on XACML.NET package and applied in a web services based information system in NET Environment. At last, the performance of resource access control is analyzed and tested by VSTE-ST 2005. The results of practical application and experiment prove the feasibility and usability of the model.

Sven Hartmann,Hui Ma,Panrawee Vechsamutvaree

DOI: https://doi.org/10.1007/978-3-662-54054-1_5

2016-01-01

Abstract:Web services have emerged as an open standard-based means for publishing and sharing data through the Internet. Whenever web services disclose sensitive data to service consumers, data privacy becomes a fundamental concern for service providers. In many applications, sensitive data may only be disclosed to particular users for specific purposes. That is, access to sensitive data is often restricted, and web services must be aware of these restrictions such that the required privacy of sensitive data can be guaranteed. Privacy preservation is a major challenge that has attracted much attention by researchers and practitioners. Hippocratic databases have recently emerged to protect privacy in relational database systems where the access decisions, allowed or denied, are based on privacy policies and authorization tables. In particular, the specific purpose of a data access has been considered. Ontologies has been used to represent classification hierarchies, which can be efficiently accessed via ontology query languages. In this paper, we propose an ontology-based data access model so that different levels of data access can be provided to web service users with different roles for different purposes. For this, we utilize ontologies to represent purpose hierarchies and data generalization hierarchies. For more complex service requests that require composite web services we discuss the privacy-aware composition of web services. To demonstrate the usefulness of our access control model we have implemented prototypes of financial web services, and used them to evaluate the performance of the proposed approach.

Fenghua Li,Wei Wang,Jianfeng Ma,Haoxin Su

DOI: https://doi.org/10.1109/IAS.2009.114

2009-01-01

Abstract:Web services over the Internet are widely used nowadays. The problem of secure access to Web-based systems is of great importance naturally. Compared with the existing models, the action-based access control (ABAC) model is the most suitable to control the access on Web services. In this paper, the ABAC model is introduced. Then, the security architecture of ABAC for Web services is proposed. In the architecture, the action server manages the action information, the domain server determines the security rank of request resources, and the resource server storing the resources with different security ranks responses the request from the user. The cookie is extended with security properties.

Rui Zhang

2008-12-01

Abstract:Semantic Web techniques bring us help in many fields. In this paper, we propose a way to use Semantic Matching on access control. We illustrate the motivation with an eBusiness access control schema based on RelBAC (for Relation Based Access Control). Semantic Matching techniques are applied on the lightweight ontologies of the subjects and the objects to find the semantic similarities that can be used to suggest new rules, to reuse the existing rules or to separate the duties of semantically disjoint user sets.

Computer Science

Li Yeqing,Qiu Lirong,Zhao Xiaobing

DOI: https://doi.org/10.1109/ICISE.2010.5690483

2010-01-01

Abstract:In this paper, we analyze the background of semantic web services firstly. Then we classify the services into two types: one is information acquiring services, the other is action services. According to the information acquiring services, which semantic description is simpler than general services, we propose an automatic service composition approach based on similarity computation between concept words. The key of this approach is to support users' request automatically. © 2010 IEEE.

JZ Luo,XP Wang,AB Song

DOI: https://doi.org/10.1109/cscwd.2005.194196

2005-01-01

Abstract:Grid computing is appropriate for supporting cooperative work Many designers and engineers from different companies or institutions can dynamically form a virtual organization for a given design task. In order to protect each company's sensitive data and services, access control is therefore necessary and important. In this paper, we present a new approach to authorize and administrate access requests, in which the requests are obliged to negotiate with a policy enforcement point in order to gain access to the target grid service. The new access control model will exploit semantic Web technology, and use machine reasoning about the messages and policies at a semantic level.