Home
About The Project
We have focused on the design of an Access Control Model for Ontology Based Systems [4, 5]. More specifically, we have explored various Access Control Model techniques for Semantic Webs, with specific attention to Digital Library ontology metadata. We have considered a digital library ontology as a collection of related concepts connected through semantic links and arranged as a directed acyclic graph. Moreover, the inheritance property considered in my research effort ensures that, among concepts, information flows from lower concepts to higher concepts along the hierarchy, whereas any authorisation/restriction specified on a concept is inherited in the opposite direction. In other words, a restriction imposed on a higher concept is inherited by lower concepts along the hierarchy. Since my study is mainly concerned with digital library ontology, from an access control point of view it has been considered as an open system. So by default, all concepts can be accessed by all users. If a user is not permitted to access a concept, an exclusive negative authorisation has to be imposed [1].
So we have proposed and designed a new Digital Library architecture that supports a poly-hierarchic ontology structure, where a child concept representing an interdisciplinary subject area can have multiple parent concepts. Since the proposed Digital Library Architecture considers poly-hierarchy, the underlying hierarchical structure becomes a Directed Acyclic Graph instead of a tree. The presence of multiple parent concepts for a child concept C provides a document classification facility according to the interest of each parent concept [6]. Thus a user accessing through a path involving any of the parent concepts would have a smaller search space within its relevant document classes only. The research effort then proposes an access control mechanism for controlled access to different concepts by different users, depending on the authorisations available to each such user. Authorisations to a user depend on the credential of the concerned user. The proposed model thus provides better knowledge representation and a faster searching possibility of documents for modern Digital Libraries with controlled access to the system. It has further been shown that the proposed access control model may give rise to an undecidability problem. A client specific view generation mechanism has been developed to solve the problem.
So far, my research effort has made three major contributions. First, it provides better knowledge representation for present day digital libraries, since new interdisciplinary subject areas are getting introduced. Concepts representing interdisciplinary subject areas will have multiple parents and, consequently, the library ontology introduces a new set of nodes representing document classes and thus provides a faster search mechanism. Secondly, a new access control model has been introduced for the ontology structure, where a user gets authorisations to access a concept node only if its credential supports it. Lastly, a client based view generation algorithm has been developed so that a client's access remains limited to its view and avoids any possibility of undecidability in authorisation specification.
So far the study was limited to individual users. Similar users (users having the same set of authorisations) were then grouped to form User Groups, and these have been arranged in a hierarchy. Instead of a Role hierarchy, a User hierarchy has been used, since only Read access has been considered for a library. This consideration increases the complexity of the access control system, since access to a concept now involves an interplay of two hierarchies: concept and user-group. The solution of any access control related conflict arising out of this system considers both static and dynamic separation of duty. During the design part I have considered Static SOD and resolved all the static conflicts. However, dynamic separation of duties needs to be resolved on the fly. I have introduced two dual matrices, i.e. concept to concept and User-Group to User-Group mapping, which represent the non-conflicting User-Groups and concepts, through which a safe state can be achieved.
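
The open-by-default policy, the downward inheritance of negative authorisations and the multi-parent case described above can be sketched as follows. This is an added example, not the project's code: the sample ontology, the names `classify` and `user_view`, the `conflict` label and the rule that a view keeps only edges between non-denied concepts are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample ontology (not from the project), as (parent, child) edges.
# "Bioinformatics" has two parents, so the hierarchy is a DAG, not a tree.
EDGES = [
    ("Science", "Biology"), ("Science", "ComputerScience"),
    ("Biology", "Bioinformatics"), ("ComputerScience", "Bioinformatics"),
    ("Biology", "Genetics"), ("Bioinformatics", "SequenceAlignment"),
]

def classify(edges, denied):
    """Label every concept 'open', 'denied' or 'conflict' for one user.

    denied: concepts carrying an explicit negative authorisation for the user.
    'conflict' (an assumed label) marks a concept that inherits a denial
    through one parent path but stays reachable through another.
    """
    parents, nodes = defaultdict(set), set()
    for p, c in edges:
        parents[c].add(p)
        nodes.update((p, c))
    memo = {}

    def status(n):
        if n not in memo:
            if n in denied:
                memo[n] = "denied"
            else:
                inherited = {status(p) for p in parents[n]}
                if not inherited or inherited == {"open"}:
                    memo[n] = "open"      # open system: allowed by default
                elif inherited == {"denied"}:
                    memo[n] = "denied"    # restriction inherited downward
                else:
                    memo[n] = "conflict"  # parents disagree
        return memo[n]

    return {n: status(n) for n in nodes}

def user_view(edges, denied):
    """Assumed resolution: the view keeps only edges between non-denied
    concepts, so a multi-parent concept is reached via permitted parents only."""
    st = classify(edges, denied)
    return sorted((p, c) for p, c in edges
                  if st[p] != "denied" and st[c] != "denied")

if __name__ == "__main__":
    print(classify(EDGES, {"Biology"}))
    print(user_view(EDGES, {"Biology"}))
```
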
References 🎱
Journals :
- Subhasis Dasgupta, Pinakpani Pal, Chandan Mazumdar, Aditya Bagchi: Resolving Authorisation Conflicts by Ontology Views for Controlled Access to a Digital Library. Journal of Knowledge Management (Accepted for Volume 18, Number 1, 2015).
- Subhasis Dasgupta, Aditya Bagchi: Controlling Access to a Digital Library Ontology - A Graph Transformation Approach. International Journal of Next-Generation Computing (IJNGC) 5(1) (2014), pp. 22-42.

Conferences :
- Subhasis Dasgupta, Aditya Bagchi: A Graph-Based Formalism for Controlling Access to a Digital Library Ontology. Computer Information Systems and Industrial Management - 11th IFIP TC 8 International Conference, CISIM 2012, Venice, Italy, September 26-28. Lecture Notes in Computer Science, Volume 7564, pp. 111-122, Springer.
- Subhasis Dasgupta, Aditya Bagchi: Resolving conflicts between role-hierarchy and concept-hierarchy in a Digital Library ontology. Emerging Applications of Information Technology (EAIT), 2012 Third International Conference on, pp. 443-446, Nov. 30 2012 - Dec. 1 2012. doi: 10.1109/EAIT.2012.6408004
- Subhasis Dasgupta, Aditya Bagchi: Controlled Access over Documents for Concepts Having Multiple Parents in a Digital Library Ontology. Computer Information Systems - Analysis and Technologies - 10th International Conference, CISIM 2011, Kolkata, India, December 14-16, 2011. Proceedings: Communications in Computer and Information Science (CCIS), Volume 245, pp. 277-285, Springer. http://dx.doi.org/10.1007/978-3-642-27245-5_33