Abstract
This paper addresses the specification of a security policy ontology framework to mediate security policies between virtual organizations (VO) and real organizations (RO). The goal is to develop a common domain model for security policy via semantic mapping. This mitigates interoperability problems that exist due to heterogeneity in security policy data among various (VO) and (RO) in the semantic web. We propose to carry out integration or mapping for only one aspect of security policy, which is authorization policy. Other aspects such as integrity, repudiation and confidentiality will be addressed in future work. We employ various tools such as Protégé, RacerPro and PROMPT to show proof of concept.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Bishop, M. (2002). Computer security: Art and science. New York: Addison-Wesley.
Fowler, J., Brad, P., Marian, N., & Bruce, B. (1999). Agent-based semantic interoperability in InfoSleuth. SIGMOD, 28(1), 60–67.
Höne, K., & Eloff, J. H. P. (2002). Information security policy: What do international information security standards say? Computers and Security, 21(5), 402–409.
Howard, R., & Kerschberg, L. (2004). Using facets of security within a knowledge-based framework to broker and manage semantic web services. Paper presented at the Workshop on Secure Knowledge Management, Amberst, New York.
Foster, I., Kesselman, C., & Tuecke, S. (2001). The anatomy of the grid: Enabling scalable virtual organizations. International Journal of High Performance Computing Applications, 15(3), 200–222.
Gruber, T. R. (1993). A translation approach to portable ontologies. Knowledge Acquisition, 5(2), 199–220.
Lee, K. J., Upadhyaya, S. J., Rao, H. R., & Sharman, R. (2005). Secure knowledge management and the semantic web. Communications of the ACM, 48(12), 48–54.
Mehta, B., Niederée, C., Stewart, A., Muscogiuri, C., & Neuhold, E. J. (2004, June). An architecture for recommendation based service mediation. Paper presented at the Proceedings of International Conference on Semantics of a Networked World (ICSNW), Paris, France.
Missikoff, M., Schiappelli, F., & Taglino, F. (2003). A controlled language for semantic annotation and interoperability in e-business applications. Paper presented at the Proceedings of the Second International Semantic Web Conference (ISWC-03), Sanibel Island, Florida.
Muthaiyah, S., & Kerschberg, L. (2006). Dynamic integration and semantic security policy ontology mapping for semantic web services (SWS). IEEE Engineering Management Society, ISSN 1-4244-0682-X, pp. 116–120.
Wang, H, Jah, S., Livny, M., & McDaniel, P. D. (2004). Security policy reconciliation in distributed computing environments. Paper presented at the Proceedings of the 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY’04), New York.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Muthaiyah, S., Kerschberg, L. Virtual organization security policies: An ontology-based integration approach. Inf Syst Front 9, 505–514 (2007). https://doi.org/10.1007/s10796-007-9050-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-007-9050-7