Abstract
Robust Usage Control (UC) mechanisms are necessary to protect sensitive data and resources, especially when these are distributed across multiple nodes or users. Existing solutions have limitations in expressing and enforcing usage control policies due to difficulties in capturing complex requirements and the lack of formal semantics necessary for automated compliance checking. To address these challenges, we propose GUCON, a generic policy framework that allows for the expression of and reasoning over granular UC policies. This is achieved by leveraging the expressiveness and semantics of graph pattern expressions, as well as the flexibility of deontic concepts. Additionally, GUCON incorporates algorithms for conflict detection, resolution, compliance and requirements checking, ensuring active policy enforcement. We demonstrate the effectiveness of our framework by proposing instantiations using SHACL, OWL and ODRL. We show how instantiations provide a bridge between abstract formalism and concrete implementations, thus allowing existing reasoners and implementations to be leveraged.
Notes
- 1. Social Linked Data: https://solidproject.org/.
- 2. SHACL, https://www.w3.org/TR/shac.
- 3. OWL 2, https://www.w3.org/TR/owl2-prim.
- 4.
- 5. The functions invoked in the algorithms defined below are available here: https://github.com/Ines-Akaichi/GUCON-Instantiation/blob/main/GUCON-Appendix.pdf.
- 6.
- 7. The following prefixes are used throughout Sect. 6: rdf:<http://www.w3.org/1999/02/22-rdf-syntax-ns#>; rdfs:<http://www.w3.org/2000/01/rdf-schema#>; owl:<http://www.w3.org/2002/07/owl#>; foaf:<http://xmlns.com/foaf/0.1/>; ex:<http://example.org/>.
- 8. ODRL Formal Semantics, https://w3c.github.io/odrl/formal-semantics/.
- 9. TopBraid SHACL, https://github.com/TopQuadrant/shacl.
- 10. Trav-SHACL, https://github.com/SDM-TIB/Trav-SHACL.
- 11.
Acknowledgements
This work is funded by the European Union Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 860801. Sabrina Kirrane is funded by the FWF Austrian Science Fund and the Internet Foundation Austria under the FWF Elise Richter and netidee SCIENCE programmes as project number V 759-N.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Akaichi, I., Flouris, G., Fundulaki, I., Kirrane, S. (2023). GUCON: A Generic Graph Pattern Based Policy Framework for Usage Control Enforcement. In: Fensel, A., Ozaki, A., Roman, D., Soylu, A. (eds) Rules and Reasoning. RuleML+RR 2023. Lecture Notes in Computer Science, vol 14244. Springer, Cham. https://doi.org/10.1007/978-3-031-45072-3_3
DOI: https://doi.org/10.1007/978-3-031-45072-3_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-45071-6
Online ISBN: 978-3-031-45072-3
eBook Packages: Computer Science, Computer Science (R0)