In this paper, we investigate how to secure sharing of complex data objects among pervasive information systems. To address the challenges posed by heterogeneous data sources, complex objects and context dynamics, we propose an advanced authorization model that supports specifying and enforcing authorizations in flexible and efficient ways. The model employs ontology and semantic web technologies to conceptualize data and explicitly express the relationships among concepts and instances involved in information sharing. Authorizations can be specified at different levels of the predefined concept hierarchies and be propagated to lower-levels. A novel decision propagation model is proposed to enable fast evaluation and updating of concept-level access decisions. To resolve conflicts among policies, we model a policy set as a semilattice, upon which a binary operation is defined to adapt to various requirements. Moreover, enabled by ontology reasoning tools, a flexible specification approach of authorization, namely rule-based policy generation, is developed to encode context dynamics, making the authorization enforcement adaptive to contexts.
All Science Journal Classification (ASJC) codes
- Hardware and Architecture
- Computer Science Applications
- Computer Networks and Communications