Using OWL and SWRL to represent and reason with situation-based access control policies

Access control is a central problem in confidentiality management, in particular in the healthcare domain, where many stakeholders require access to patients' health records. Situation-Based Access Control (SitBAC) is a conceptual model that allows for modeling healthcare scenarios of data-access requests; thus it can be used to formulate data-access policies, where health organizations can specify their regulations involving access to patients' data according to the context of the request. The model's central concept is the Situation, a formal representation of a patient's data-access scenario.In this paper, we present the SitBAC knowledge framework, a formal healthcare-oriented, context-based access-control framework that makes it possible to represent and implement SitBAC as a knowledge model along with an associated inference method, using OWL and SWRL. Within the SitBAC knowledge framework, scenarios of data access are represented as formal Web Ontology language (OWL)-based Situation classes, formulating data-access rule classes. A set of data-access rule classes makes up the organization's data-access policy. An incoming data-access request, represented as an individual of an OWL-based Situation class, is evaluated by the inference method against the data-access policy to produce an ‘approved/denied’ response. The method uses a Description Logics (DL)-reasoner and a Semantic Web Rule Language (SWRL) engine during the inference process. The DL reasoner is used for knowledge classification and for real-time realization of the incoming data-access request as a member of an existing Situation class to infer the appropriate response. The SWRL engine is used to infer new knowledge regarding the incoming data-access requests, which are required for the realization process.We evaluated the ability of the SitBAC knowledge framework to provide correct responses by representing and reasoning with real-life healthcare scenarios.