A semantic authorization model for pervasive healthcare

Zang Li, Chao Hsien Chu, Wen Yao

Research output: Contribution to journal, Article

6 Citations (Scopus)

Abstract

In this paper, we investigate how to secure the sharing of complex data objects among pervasive information systems. To address the challenges posed by heterogeneous data sources, complex objects and context dynamics, we propose an advanced authorization model that supports specifying and enforcing authorizations in flexible and efficient ways. The model employs ontology and semantic web technologies to conceptualize data and explicitly express the relationships among concepts and instances involved in information sharing. Authorizations can be specified at different levels of the predefined concept hierarchies and be propagated to lower levels. A novel decision propagation model is proposed to enable fast evaluation and updating of concept-level access decisions. To resolve conflicts among policies, we model a policy set as a semilattice, upon which a binary operation is defined to adapt to various requirements. Moreover, enabled by ontology reasoning tools, a flexible specification approach of authorization, namely rule-based policy generation, is developed to encode context dynamics, making the authorization enforcement adaptive to contexts.

Original language: English (US)
Pages (from-to): 76-87
Number of pages: 12
Journal: Journal of Network and Computer Applications
Volume: 38
Issue number: 1
DOI: 10.1016/j.jnca.2013.06.006
State: Published - Feb 2014

Fingerprint

Semantics
Ontology
Semantic Web
Information systems
Specifications

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications

Cite this

@article{dd9063b2fd234df08245fe7648930070,
title = "A semantic authorization model for pervasive healthcare",
abstract = "In this paper, we investigate how to secure sharing of complex data objects among pervasive information systems. To address the challenges posed by heterogeneous data sources, complex objects and context dynamics, we propose an advanced authorization model that supports specifying and enforcing authorizations in flexible and efficient ways. The model employs ontology and semantic web technologies to conceptualize data and explicitly express the relationships among concepts and instances involved in information sharing. Authorizations can be specified at different levels of the predefined concept hierarchies and be propagated to lower-levels. A novel decision propagation model is proposed to enable fast evaluation and updating of concept-level access decisions. To resolve conflicts among policies, we model a policy set as a semilattice, upon which a binary operation is defined to adapt to various requirements. Moreover, enabled by ontology reasoning tools, a flexible specification approach of authorization, namely rule-based policy generation, is developed to encode context dynamics, making the authorization enforcement adaptive to contexts.",
author = "Zang Li and Chu, {Chao Hsien} and Wen Yao",
year = "2014",
month = "2",
doi = "10.1016/j.jnca.2013.06.006",
language = "English (US)",
volume = "38",
pages = "76--87",
journal = "Journal of Network and Computer Applications",
issn = "1084-8045",
publisher = "Academic Press Inc.",
number = "1",

}

A semantic authorization model for pervasive healthcare. / Li, Zang; Chu, Chao Hsien; Yao, Wen.

In: Journal of Network and Computer Applications, Vol. 38, No. 1, 02.2014, p. 76-87.

TY - JOUR

T1 - A semantic authorization model for pervasive healthcare

AU - Li, Zang

AU - Chu, Chao Hsien

AU - Yao, Wen

PY - 2014/2

Y1 - 2014/2

AB - In this paper, we investigate how to secure sharing of complex data objects among pervasive information systems. To address the challenges posed by heterogeneous data sources, complex objects and context dynamics, we propose an advanced authorization model that supports specifying and enforcing authorizations in flexible and efficient ways. The model employs ontology and semantic web technologies to conceptualize data and explicitly express the relationships among concepts and instances involved in information sharing. Authorizations can be specified at different levels of the predefined concept hierarchies and be propagated to lower-levels. A novel decision propagation model is proposed to enable fast evaluation and updating of concept-level access decisions. To resolve conflicts among policies, we model a policy set as a semilattice, upon which a binary operation is defined to adapt to various requirements. Moreover, enabled by ontology reasoning tools, a flexible specification approach of authorization, namely rule-based policy generation, is developed to encode context dynamics, making the authorization enforcement adaptive to contexts.

UR - http://www.scopus.com/inward/record.url?scp=84897610095&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84897610095&partnerID=8YFLogxK

U2 - 10.1016/j.jnca.2013.06.006

DO - 10.1016/j.jnca.2013.06.006

M3 - Article

AN - SCOPUS:84897610095

VL - 38

SP - 76

EP - 87

JO - Journal of Network and Computer Applications

JF - Journal of Network and Computer Applications

SN - 1084-8045

IS - 1

ER -