An ontological framework for situation-aware access control of software services

Situation-aware applications need to capture relevant context information and user intention or purpose, to provide situation-specific access to software services. As such, a situation-aware access control approach coupled with purpose-oriented information is of critical importance. However, modelling purpose-oriented situations is a challenging task. Existing modelling approaches for situation-aware systems are not adequate to express purpose-oriented situations. Furthermore, existing context/situation-aware access control approaches are highly domain-specific and do not consider purpose-oriented information. In this paper we consider purpose-oriented situations rather than conventional situations (e.g., user's state) in proposing a generic situation-aware access control framework for software services. We take situation to mean the states of the entities and their relationships that are relevant to the purpose of a resource access request. Our framework includes a situation model specific to access control, identifying the relevant purposeoriented situation information. Using the situation model, the policy model of the framework provides support for specifying and enforcing situation-aware access control policies. A software prototype has been developed to demonstrate the practical applicability of the framework. In addition, we demonstrate the general applicability of our framework through two case studies from different domains. Experiments are conducted to quantify the performance overhead of providing such situation-aware access control for