Multi-Agent Based Access Control Framework for Social
Networking Systems Using Ontology
Vipin Kumar1
1
Krishna Institute of Engineering & Technology,
Ghaziabad, 201206,
1
Ph. D Scholar of Shri Venkateshwara University
Gajraula, J. P. Nagar (UP)
Dr. Sachin Kumar2
2
AKG Engineering College,
27th KM stone, Delhi Hapur Bypass Road,
Ghaziabad,
[email protected]
[email protected]
Abstract
Online Social Networks (OSN) have been achieved
tremendous growth in recent years and become a de facto
standard for social gathering for hundreds of millions of
Internet users. Social gathering web sites such as Facebook,
Google+, and Twitter are naturally designed to enable
people to share personal or public information and make
social relations with friends, coworkers, colleagues, family
and even with strangers. These OSN sites offer attractive
means for digital social interactions and information
sharing, but also raise a number of security and privacy
issues. While OSN allow users to restrict access to shared
data, they currently do not provide any mechanism or
trusted access control framework to enforce privacy
concerns over data associated with multiple users plus do
not provide fast interaction among users. In this paper, we
proposed multi-agent based access control framework for
SNS using ontology web for Web 3.0 for providing
maximum security assurance with fast interaction among
OSN users during online interaction. In this paper, we also
proposed ontology to satisfy or validate the need of this
framework using Protégé ontology development tools
designed by University of Stanford and used Java based
Jena Semantic Web Framework for practical
implementation of this framework.
Keywords: SNS, CRACF, MABACF, MABOGM,
MABDBU
1.
Introduction
Online Social Networks (OSN) is live representations of
the relationships between individuals and groups in a
community. In terms of abstract representation, these
networks are just simple graphs with nodes for the people
and groups and links for the relationships. In practice, the
links can encode all kinds of relationships – familial and
friendship. Online communities like Facebook are groups
of people connected through the Internet. These
communities have become an important part of modern
society and contribute to life in many contexts – social,
educational, political and business. The communication
technologies and infrastructures used to support online
communities have evolved with the Internet and include
electronic mailing lists, bulletin boards, UseNet, IRC,
Wikis, and blogs. Online communities built on social
network structures began appearing from 2002 and have
become most popular web-based applications now a day’s.
Such sites allow individuals to publish personal
information in a semi-structured form and to define links to
other members with whom they have relationships of
various kinds. Current examples include Facebook,
Friendster, LinkedIn, Tribe.net, and Orkut. Other webbased online communities have successfully combined
social networking with various interests, such as
photography (www.Flickr. com), film (www.Netflix.com),
personal blogging (www.Myspace.com) and dating
(www.Thefacebook.com).
The advent of emerging technologies such as online social
networks, service-oriented architecture and cloud
computing has enabled us to perform social networking and
business services more efficiently and effectively.
However, we still suffer from unwanted or unintended
security leakages by unauthorized actions in social
networking services and business services while providing
more convenient services to users through such a cuttingedge technological growth. Access control is one of the
most fundamental and pervasive mechanisms in use today
to secure these services.
There have been two parallel areas in access control
research in recent years. On one hand, there are efforts to
develop access control models to fulfill the authorization
requirements from real-world application domains. These
have turned out several successful and well-established
access control models, such as the RBAC96 model [1], the
NIST/ANSI standard RBAC model [2, 3], the RT model
[4], and the Usage Control model [5]. On other hand, in
parallel, and almost separately, many researchers have
devoted to develop policy languages for access control to
support policy-based computing, including applicationlevel policies (e.g., XACML [6], SAML [7], Ponder [8] and
EPAL [9]), network-level policies (e.g., firewall policy [10]
and IPSec policy [11]), and system level policies (e.g.,
SELinux policy [12] and AppArmor policy [13]).
There is big gap between access control developing and
implementing it on real life application like social
networking system or cloud computing, because there is
not any standard framework to implement these access
control model in these application. In this paper, we have
proposed a multi-agent based access control model for SNS
using Ontology for Web 3.0.
2.
Importance of Access Control
Framework
Over the past decade, online social networks have
witnessed phenomenal growth in popularity to an extent
that today two thirds of the world’s Internet population
participates in some form of online social networking. This
large audience spends a significant amount of time both
viewing existing information and contributing new
information to the social web. In regards with member
communities such as Facebook, MySpace, Orkut, Twitter,
and LinkedIn, the data generated is stored with the relevant
social network service providers. This data, which is
mainly a representation of real life of the members,
includes pictures, videos, educational and work profiles,
personal contact information, and list of friends and
acquaintances. While networking online presents obvious
benefits to users, the flaws of the current model of
centralized online social networks is raising concerns. The
two major issues with the centralized system are emergence
of “information silos” which are closed to the outside web
and even other social networks as well as lack of user
control over dissemination of personal information; a major
privacy concern. To solve above mentioned problems,
proper access control model or framework is required, but
so far, no such standard access control models are present
according to the need of social networking system. Our
approach in this paper is proposed multi-agent based access
control framework for social networking system using
ontology.
3.
Related Work
In recent years, many research efforts have been devoted to
UML-based security model. Ahn et al. [14] showed how
RBAC model and constraints can be expressed in UML
using OCL. Jurjens et al. [15] proposed an extension to
UML that defines several new stereotypes towards formal
security verification of elements. Alghathbar et al. [16]
defined an approach AuthUML that includes a process and
a modeling language to express RBAC policies via use
cases. Ray et al. specified reusable RBAC policies using
UML diagram templates and showed how RBAC policies
can be easily integrated with the application. Basin et al.
defined a meta-model to generate security definition
languages, an instance of which is SecureUML, a platformindependent language for RBAC. Mouheb et al. [17]
presented an aspect-oriented modeling approach for
specifying and integrating security concerns into UML
design models. All of these approaches accommodated
security requirements without considering the validation of
security model and policy.
One important aspect of access control model analysis is to
formally check general properties of access control. In
formal verification, a formal specification of a system is
proven with a set of higher-level properties that the system
should satisfy [18]. Currently, formal verification offers a
rich toolbox containing a variety of techniques such as
model checking, SAT solving [19] and theorem proving,
for supporting automatic system verification. Schaad and
Moffett [20] specified the access control policies under the
RBAC96 and ARBAC97 model and a set of separation of
duty constraints in Alloy. They attempted to check the
constraint violations caused by administrative operations.
In [21], Shafig et al. explored a Petri-Net based framework
to verify the correctness of event-driven RBAC policies in
real-time system.
Toahchoodee et al. [22] demonstrated how the spatiotemporal aspects in RBAC model can be verified with
Alloy. Our approach also adopts Alloy to analyze the
formal specifications of an RBAC model and constraints,
which are then used for access control system development.
In addition, the verified specifications are used to
automatically derive the test cases for conformance testing.
In [23], Shor et al. demonstrated how the USE tool, a
validation tool for OCL constraints, can be utilized to
validate authorization constraints against RBAC
configurations. The policy designers can employ the USEbased approach to detect certain conflicts between
authorization constraints and to identify missing
constraints. However, the USE tool mainly focuses on the
analysis of OCL constraints and has limitations for
specifying models and policies. Similarly, Basin et al. [24]
showed security-design models represented with UML and
OCL can be validated based on system scenarios, which
represent possible run-time instances of systems.
However, very few studies addressed how access control
mechanisms could be tested. Recently, mutation analysis
was applied to security policy testing. Masood et al. [25]
used formal techniques to conceive a fault model and adopt
mutation for RBAC models.
Xie et al. [27] proposed a fault model for XACML policies.
The mutation operators were introduced to implement the
fault model. Pretschner et al. also used mutation analysis
and defined security policy mutation operators in order to
improve the security tests. However, no existing work
could adopt formal verification technologies for test case
generation for the purpose of checking the compliance of
access control system design and implementation.
In our proposed ACF, we are implementing ontology using
well known ontology development tool Protégé. Protégé is
developed by University of Stanford.
4.
CRACF Working Architecture
There are many ways to represent CRACF (Currently
Running Access Control Framework) architecture, here
figure 1 use to represent currently running access control
framework architecture, in this architecture user is the actor
that make request to SNS using Internet via Web Browser
as shown in figure 1. Web Browser is the user interface that
used by user or actor to interact with SNS.
SNS represents social networking websites like Facebook,
Orkut, and Twitter etc. that directly make connection with
database managed by DBMS or RDBMS. This interaction
between database layer and SNS may be implemented
using Client/Server architecture or distributive DBMS
architecture
And at last Database layer represent the data or Meta data
used in SNS. This data may be stored using any database
management software like MSSQL, Oracle, and MySQL
etc.
transaction with the database. If load on server is high then
it takes more time for transaction as compare to normal
time taken.
In this paper, we purposed a new innovative multi-agent
based access control framework which is more suitable for
next generation web or semantic web environments that
will take less time for transaction as compare to currently
running ACF.
5.
Proposed Multi-Agent Based Access
Control Framework (MABACF)
Architecture
This proposed access control framework is completely
based on innovative idea that came in mind after studying
related work in the area of OSN (Online Social Network)
This framework is distributed into two sections, first
section control or interacted by users or actors and second
section is control or interacted by administration for the
framework. User in the first section is the actor in this
framework as same as CRACF that interacts with the other
OSN users via web browser that may be friends, relatives
or unknown users of same SNS (Social Network System)
on Internet.
Query Analyzer Interface gets request from user via
Internet and send request to multi-agent based Ontology
Manager in sentence skeleton form. On the base of
sentence skeleton send by query analyzer, MABOM
generate query using query generator and pattern heuristic
and then send that query to SPARQL engine.
SPARQL is a recursive acronym for the SPARQL Protocol
and RDF Query Language. SPARQL is a structure query
language for RDF as SQL is a structure query language for
DBMS or RDBMS. SPARQL engine execute query send
by MABOM from SNS Ontology and send result of that
query to user that made request earlier for the specific
query.
Ontology is a data model that represents knowledge as a set
of concepts within a domain and the relationships between
these concepts. In short Ontology is simply data
management that why, here SNS Ontology represent
semantic web ontology that have relationship, rules,
assertions and regulation among classes, object properties,
data properties and individual.
Figure 1: Currently Running ACF Model for SNS
This approach is very simple or straight forward that have
less flexibility or security which is more suitable for Web
2.0, but may not be suitable for Web 3.0 or Semantic Web
(third generation web). In this type of architecture database
access type is more or constant for each and every
Administrator is the actor in second section in this
framework that interacts with the SNS Database using
MABOGM and MABDBU. MABDBU is Multi-Agent
Based Database Updater that managed by administrator to
update or modified SNS Database for time to time
modification of this database. MABOGM is Multi-Agent
Based Ontology Generator and Modifier that also managed
by administrator to create or update SNS ontology time to
time as per new rules inserted in SNS Database.
SNS Database is RDBMS database that store data related to
elements and relations, such as a set of roles, a set of users,
a set of permissions, and relationships between users, roles,
permissions and etc.
Figure 2: Proposed MABAC Framework
6. SNS Ontology
A. Introduction
According to Thomas Gruber, Ontology is an explicit
specification of conceptualization. It uses to represent
knowledge, meta-data, rules and assertions.
For creating SNS Ontology, we have used Protégé; Protégé
is a free, open source ontology editor and knowledge-based
framework that is supported by a strong community of
developers and academic, government and corporate users,
who are using Protégé for knowledge solutions in areas as
diverse as biomedicine, intelligence gathering, and
corporate modeling.
B. SNS Ontology Classes Graphical
Representation
In this paper, we proposed Social Networking Systems
Ontology (SNS Ontology) that models the key entities and
their relationships that typically found in SNS; partly
because we could not find an appropriate ontology
representation in the literature that we studied. Based on
this, we elaborate and discuss various scenarios regarding
our proposed access control model. Note, however, that our
access control model is not tied or limited to this specific
ontology. It can be implements for any ontology.
This is the version 2 of the SNS Ontology comprises of 18
classes and 42 object properties that is upgraded version of
SNS ontology version 1[28]. Figure 3 shows graphical
representation of relationship among classes in SNS
Ontology.
The Thing is the root class of all classes in SNS Ontology,
with four immediate descendants classes are:
DigitalObjects, Persons, Relations and Events.
The DigitalObjects class models any object with digital
properties. The Persons class models human users in the
context of Social Networking and it is specialized by
Woman and Man class. Man class represents male and
Woman class represent female. The DigitalObjects class is
specialized by sub-classes such as Notes, Photos, Wall,
VideoClips and Annotation. The Notes class represents a
textual content or data. The Wall class models the posting
board on the homepage of a currently login person, such as
the one Facebook or Orkut provides. The Annotation class
represents special digital objects that instead of directly
representing a content, annotate one object (e.g., a wall, a
photo, etc.) using another object (e.g., a textual comment, a
person, etc.). The two objects are related to an annotation
object, using properties Annotates and AnnotatesWith,
respectively.
Annotation class itself is specialized by Comment, Tag, and
WallPost. Comment class annotates an object with a note.
Tag class itself is specialized by PersonTag. PersonTag
class has two subclasses PhotoPersonTag and
VideoPersonTag. PhotoPersonTag class is a specialized tag
that annotates a photo with a person and VideoPersonTag
class is specialized tag that annotates a video with a person.
WallPost class annotates a wall with an object, e.g., a photo
or video. We choose to represent annotation as a concept,
rather than a relation, in order to be able to capture more
semantics regarding it. For instance, it is usually important
to know who has tagged a person in a photo; that might be
different from the owner and the tagged person
Figure 3: SNS Ontology Classes
individuals like note1, note2, note3 & note4. Man class has
12 individuals like Amit, Ankit, Madurendra, Rajiv, Ravi,
C. SNS Ontology Graphical Representation
Robert, Vipin, Sachin, Santosh, Shashank, ssn_singh, &
In this section, three figures are used to different
tom. Woman class 7 individuals like Sita, Savatri, Preveen,
perspective of this ontology. Figure 4 shows PG ETI Sova
Preeti, Marry, Arti & Alice. Photos class has 5 individuals
representation of proposed SNS ontology to show
like photo1, photo2, photo3 photo4 & photo5 and at last
relationships among classes and objects. Figure 5 shows the
VideoClips class has 5 individuals like video1, video2,
PG ETI Sova Radical Tree representation this ontology.
video3 video4 & video5. Figure 4 also shows relationships
and assertions among all classes and individuals used in
All these figures show that in this ontology models, there
SNS Ontology
are 18 classes, 48 individuals. Comment class has 5
individuals like comment1, comment2, comment3
comment4 & comment5. Event class has 4 individuals like
event1, event2, event3 & event4. Notes class has 4
Figure 4: SNS Ontology PG ETI Sova Representation
Figure 5: SNS Ontology PG ETI Sova Radical Tree Representation
B. Policy and Rule Enforcements
7. Implementation
A. Framework Setup
For testing authentication of this framework, we have
developed a prototype implementation of an SNS
knowledge-base that is protected based on the proposed
MABACF for SNS using Ontology model. The
implementation has been done in Java language based on
the Jena Semantic Web framework. We leverage Jena’s
TDB for persistent storage of SNS ontologies. In an
initialization phase, based on the SNS knowledge captured
in SNSO, SNSO is populated with the corresponding
reified properties and permissions. Figure 2 illustrates the
architecture of the prototype implementation. Access
control policy rules are provided by users and system
administrators, using separate interfaces, and are stored in
the policy rule-base. Rules are expressed using SWRL.
However, since SWRL is not directly supported in Jena, we
programmatically convert rules to Jena’s own rule language
in a policy compilation phase. Note that there is no loss of
expressiveness in this process. At run time, the Query
Analyzer accepts the requests from a user via web browser
and passes it to the Matching Center module, where it is
augmented with access control primitives. The modified
query is then sent to the SPARQL Engine my MAB
Ontology Manager. The SPARQL Engine interacts with the
SNSO to retrieve the query results and pass it to web
browser for user.
Knowledge resources are needed to be captured or store
using ontology. In SNS, access control policies need to be
semantically express them using ontology concepts. Our
approach is to capture the other components of policies for
getting right decision using ontology.
This way access control policies and protected knowledge
resources can naturally be integrated to facilitate an
efficient and semantic rich access control decision. For this
purpose, we propose SNS ontology with access control
framework. We consider relations main protection objects
in an ontology-based knowledge base. However, current
semantic web based languages like OWL do not support
such kind of statement about the relation instances, which
is necessary for specifying authorizations on them. In order
to support this, we have modified some rules using Java
language and tried to implement them on Jena Semantic
Web Framework as much as possible to implement. There
are so many approaches available for it like reified [29],
permission authorizations, personal authorization, direct
authorization, basic authority specification, dependent
authorization, dependent authorization & multi-authority
specification etc. but we do not consider all of them in our
ontology policies, we have categories all of them in two
types direct or indirect rules.
Direct Rules: In this ontology we have asserted more than
100 direct rules as prototyped for running this access
control framework model. Direct authorization rules allow
the system to grant permissions to users without
involvement of user authorities. Similar to a personal
authorization rule [29], the antecedent specifies the
protection resource. The formats of a direct authorization
rule are shown in table 1 as follows:
4
5
6
7
8
9
S. No
1
2
3
4
5
6
7
8
9
10
11
12
Direct Rules
sns:property(alice,robert) ⇒
sns:hasBrother(alice, robert)
sns:property(alice,marry) ⇒
sns:isFriendOf(alice, marry)
sns:property(amit,vipin) ⇒ sns:isFriendOf(amit,
vipin)
sns:property(arti,preveen) ⇒ sns:isSisterOf(arti,
preveen)
sns:property(comment4,photo1) ⇒
sns:postedOn(comment1, photo1)
sns:property(note1,photo1) ⇒
sns:annotatesWith(note1, photo1)
sns:property(shashank,ankit) ⇒
sns:hasFriend(shashank, ankit)
sns:property(robert,video1) ⇒
sns:canView(robert, video1)
sns:property(vipin,comment2) ⇒
sns:posted(vipin, comment2)
sns:property(sachin,vipin) ⇒
sns:isBrotherOf(sachin, vipin)
sns:property(marry,sita) ⇒
sns:isSiblingOf(marry, sita)
sns:property(robert,tom) ⇒
sns:isFatherOf(robert, tom)
10
hasParent(?x, ?y) ^ hasSister(?y, ?z) ->
hasAunt(?x, ?z)
hasParent(?x, ?y) ^ man(?y) -> hasFather(?x,
?y)
hasChild(?x, ?y) ^ man(?x) -> hasSon(?x, ?y)
hasChild(?x, ?y) ^ woman(?x) ->
hasDaughter(?x, ?y)
Person(?x) ^ hasSibling(?x, ?y) ^ man(?y) >hasBrother(?x, ?s)
hasParent(?x, ?y) ^ hasBrother(?y, ?z) ->
hasUncle(?x, ?z)
Person(?x) ^ has Age(?x, ?age) ^
swrlb:greaterthan(?age, 17)-> adult(?x)
Table 2: Indirect Rules of SNS Ontology
These variables ?x and ?p represent the object and subject
represented in this ontology. These all rules are derived
from one or more direct rules or metadata to make
intelligence in this ontology.
C. Query Analysis
The Semantic Web, typically represented using the RDF
data format, requires a specific query language to make it
possible to send queries and receive results. This is
provided by the
SPARQL query language and the accompanying semantics
and protocols. SPARQL queries are similar in syntax to
SQL but are based on the RDF triple models and provide
patterns against such relationships in which some resource
references are variables. A SPARQL engine would return
the resources that match these patterns for all triples.
General formatting for SPARQL query is like this:
Let (sub, Q) be a query access request, where
Table 1: Direct Rules of SNS Ontology
The above rules state that a subject can read a property
instance of which it is either the subject or the object,
respectively.
Indirect Rules: In this ontology we have also asserted
more than 100 direct rules as prototyped for running this
access control framework model. In direct rules are rules
that extract from combination of one or more direct rules
and extract with the help of semantic based languages like
SWRL etc.
SWRL rule contains antecedent part and a consequent part.
If all the atoms in the antecedent are true, then the
consequent must be true. Some of the main indirect rules
enforced in this ontology are follows in table 2
S. NO
1
2
3
Indirect Rules
hasSibling(?x, ?y) ^ man(?y) ->
hasBrother(?x, ?y)
hasSibling(?x, ?y) ^ woman(?x) >hasSister(?x, ?y)
hasParent(?x, ?y) ^ woman(?x) ->
hasMother(?x, ?y)
Represents a conjunctive WHERE clause. A retrieval
engine automatically enforces the access control policy and
retrieves the authorized result by evaluating
In each query predicate is followed by two predicate for
access control purpose: first predicate bounds the relation
to a resource variable and second predicate checks if the
subject has permission to access the resource. A SPARQL
query that is augmented with access primitives can be
directly processed by a SPARQL engine on ontology. The
access control information is seamlessly captured in the
ontology by using an ontology reasoned on authorization
rules
For example: Suppose Amit requests access to the list of
Vipin friends who live in Ghaziabad. This is the complex
query, syntax of this query in SPARQL format is:
PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntaxns#>
PREFIX owl: <http://www.w3.org/2002/07/owl#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
PREFIX : <http://SNSOntology.owl#>
SELECT ?x
WHERE
{
{?x :isFriendOf :vipin}
UNION
{?x :liveIn :Ghaziabad}
}
Similarly we also executed many query in our proposed
SNS ontology for result analysis to write this paper. Few
examples from those executed query are:
Example 1:
This is the example to show name of person that hasBrother
x and x is the brother of vipin.
PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntaxns#>
PREFIX owl: <http://www.w3.org/2002/07/owl#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
PREFIX : <http://SNSOntology.owl#>
SELECT ?name ?x
WHERE { ?name :hasBrother ?x .
?x :isBrotherOf :vipin }
Example 2:
This is the example to show name of person who has sister
x and posted photo1
PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntaxns#>
PREFIX owl: <http://www.w3.org/2002/07/owl#>
PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
PREFIX : <http://SNSOntology.owl#>
SELECT ?name ?x
WHERE { ?name :isSisterOf ?x .
?name :posted :photo1 }
8.
Result Analysis
We have conducted this test on the access control engine by
submitting SPARQL queries on Jena Semantic Web
Framework. The engine successfully returns only the
authorized information that is expected according to the
sample access control policy rules. We also developed a
data generator that randomly populates SNS ontology.
Table 1 shows the performance results of the prototype
access engine based on the following input parameters: the
number of users, friendship links, photos, and maximum
number of people had been tagged in a photo. Since the
inference engine that Jena provides only works in memory,
we were not able to run the experiment for very large
ontologies. Our experiments show that the first access
control inference is relatively expensive. However,
subsequent access checks are performed almost
instantaneously. This is because in the first round the
inference model caches some of the inferred axioms, which
enhances performance for subsequent inference. In fact, the
first access check can be considered as part of the
initialization phase, which can be triggered with a dummy
access request.
Table 3: Prototype Performance Results
Data Generation
Parameters
Access Times (in second)
User
Pho
to
Tag/
Phot
o
isFrien
dOf
Initia
l
First
Subsequ
ent
10
50
80
110
130
200
6
30
60
70
80
90
6
10
20
20
30
50
50
150
180
210
500
600
2.1
4.8
6.2
12.4
18.3
20.5
0.3
36.0
176.2
2116.2
4321.8
5421.6
0.004
0.004
0.006
0.008
0.008
0.009
9.
Conclusion And Future scope
In this paper, we have proposed an innovative access
control framework for SNS using ontology, an ontology
based access control model based on Semantic Web
standards that empowers the individual users of a social
networking system to express fine-grained access control
policies on their related information. We proposed
prototype ontology for SNSs to further demonstrate our
approach. The key idea in this model is to express the
policies on the relations among concepts in the social
network ontology. We have also implemented a framework
prototype of the proposed model in order to show the
applicability of our approach. Although this model provides
powerful access control features to the users of the SNSs,
even savvy users of such systems should not have to be
able to compose access control policy rules manually. An
SNS employing this framework may simply provide a user
interface similar to the current practices, but with more
flexible options to its user; then, provide the access control
engine with policy rules corresponding to the user choices.
In future research, it can be explore more to improve its
aspect in implementation, and theoretically analyze the
complexities introduced by ontological data and each
policy component; we have tested this framework on Jena
Semantic Web Framework, but it is not 100% compatible
for purposed access control policies, in future it can be
tested on real time framework environment or more
semantic web compatible framework that may be
developed in the future.
10. References
[1] R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and
C.E. Youman, “Role-based access control models,”
IEEE Computer, vol. 29, no. 2, pp. 38–47, 1996.
[2] D.F. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn,
and R. Chandramouli, “Proposed NIST standard for
role-based access control,” ACM Trans. Inf. Syst.
Secur. (TISSEC), vol. 4, no. 3, pp. 224–274, 2001.
[3] ANSI, American National Standards Institute
Inc., Role Based Access Control, ANSI-INCITS
359–2004, 2004.
[4] N. Li, J.C. Mitchell, and W.H. Winsborough,
“Design of a role-based trust management
framework,” in Security and Privacy, 2002.
Proceedings. 2002 IEEE Symposium on. IEEE, 2005,
pp. 114–130.
[5] J. Park and R. Sandhu, “The UCON ABC usage
control model,” ACM Transactions on Information
and System Security (TISSEC), vol. 7, no. 1, pp. 128–
174, 2004.
[6] XACML, “OASIS eXtensible Access Control
Markup Language (XACML) V2.0 Specification
Set,” http://www.oasis-open.org/committees/xacml/,
2007.
[7] OASIS, “Security Assertion Markup Language,”
http://www.oasis-open. org/committees/security/.
[8] N. Damianou, N. Dulay, E. Lupu, and M. Sloman,
“The ponder policy specification language,” Policies
for Distributed Systems and Networks, pp. 18–38,
2001.
[9] P. Ashley, S. Hada, G. Karjoth, C. Powers, and
M. Schunter, “Enterprise privacy authorization
language (EPAL),” http://www.w3.org/Submission/
2003/SUBM-EPAL-20031110/.
[10] D.B. Chapman, E.D. Zwicky, and D. Russell,
Building internet firewalls, O’Reilly & Associates,
Inc. Sebastopol, CA, USA, 1995.
[11] M. Condell, C. Lynn, and J. Zao, “Security
policy specification language,” Internet Engineering
Task Force (IETF) Internet Draft, 2000.
[12] P. Loscocco and S. Smalley, “Integrating
flexible support for security policies into the Linux
operating system,” in Proc. 2001 USENIX Annual
Technical Conference REENIX Track, 2001, pp. 29–
40.145
[13] “AppArmor,” http://de.opensuse.org/AppArmor.
[14] G.J. Ahn, S.P. Hong, and M.E. Shin,
“Reconstructing a formal security model,”
Information and Software Technology, vol. 44, no.
11, pp. 649–657, 2002.
[15] Jan J¨urjens, “UMLsec: Extending UML for
secure systems development,” in Proceedings of the
5th International Conference on The United
Modeling Language. 2002, pp. 412–425, Springer
Verlag.
[16] K. Alghathbar and D. Wijesekera, “authUML: a
three-phased framework to analyze access control
specifications in use cases,” in Proceedings of the
2003ACM workshop on Formal methods in security
engineering. ACM, 2003, pp. 77–86.
[17] D. Mouheb, C. Talhi, M. Nouh, V. Lima, M.
Debbabi, L. Wang, and M. Pourzandi, “Aspectprinted modeling for representing and integrating
security concerns in UML,” Software Engineering
Research, Management and
Applications 2010, pp. 197–213, 2010.
[18] E.M. Clarke and J.M. Wing, “Formal methods:
State of the art and future directions,” ACM
Computing Surveys (CSUR), vol. 28, no. 4, pp. 626–
643, 1996.
[19] David G. Mitchell, A SAT Solver Primer,
EATCS Bulletin (The Logic in Computer Science
Column), Volume 85, February, pages 112-133,
2005.
[20] A. Schaad and J.D. Moffett, “A lightweight
approach to specification and analysis of role-based
access control extensions,” in Proceedings of the
seventh ACM symposium on Access control models
and technologies. ACM, 2002, pp. 13–22.
[21] B. Shafiq, A. Masood, J. Joshi, and A. Ghafoor,
“A role-based access control policy verification
framework for real-time systems,” in ObjectOriented Real-Time Dependable Systems, 2005.
WORDS 2005. 10th IEEE International Workshop
on. IEEE, 2005, pp. 13–20.
[22] M. Toahchoodee, I. Ray, K. Anastasakis, G.
Georg, and B. Bordbar, “Ensuring spatio-temporal
access control for real-world applications,” in
Proceedings of the 14th ACM symposium on Access
control models and technologies. ACM New York,
NY, USA, 2009, pp. 13–22.
[23] K. Sohr, G.J. Ahn, M. Gogolla, and L. Migge,
“Specification and validation of authorization
constraints using UML and OCL,” Lecture notes in
computer science, vol. 3679, pp. 64, 2005.
[24] D. Basin, M. Clavel, J. Doser, and M. Egea,
“Automated analysis of security design models,”
Information and Software Technology, vol. 51, no. 5,
pp. 815–831, 2009.
[25] A. Masood, A. Ghafoor, and A. Mathur,
“Scalable and effective test generation for access
control systems that employ RBAC policies,” SERCTR-285, Purdue University, 2005.
[26] E. Martin and T. Xie, “A fault model and
mutation testing of access control policies,” in
Proceedings of the 16th international conference on
World Wide Web. ACM, 2007, pp. 667–676.
[27] A. Pretschner, T. Mouelhi, and Y.L. Traon,
“Model-based tests for access control policies,” in
Proceedings of the 2008 International Conference on
Software Testing, Verification, and Validation. IEEE
Computer Society, 2008, pp. 338–347.
[28] Vipin Kumar, and Dr Sachin Kumar, “Access
Control Framework for Social Network System using
Ontology”,
International Journal of Computer
Applications (0975 – 8887) Volume 79 – No4, October
2013
[29] Amirreza Masoumzadeh, and James Joshi,
“Ontology-based access control for social network
systems” in Int. J. Information Privacy, Security and
Integrity, Vol. 1, No. 1, 2011