An ontological framework for situation-aware access control of software services

•The definition and identification of the purposes of users׳ access requests for software services in terms of context information.•A situation model for defining, identifying and reasoning about purpose-oriented situations in terms of context information and access purpose.•A policy model for specifying and enforcing situation-aware access control policies.•An ontology-based framework and prototype implementation to model and identify the purposes, situations and policies for access control.•The case studies demonstrate the general applicability of our framework and the experiment results quantify system performance.

Situation-aware applications need to capture relevant context information and user intention or purpose, to provide situation-specific access to software services. As such, a situation-aware access control approach coupled with purpose-oriented information is of critical importance. However, modelling purpose-oriented situations is a challenging task. Existing modelling approaches for situation-aware systems are not adequate to express purpose-oriented situations. Furthermore, existing context/situation-aware access control approaches are highly domain-specific and do not consider purpose-oriented information. In this paper we consider purpose-oriented situations rather than conventional situations (e.g., user׳s state) in proposing a generic situation-aware access control framework for software services. We take situation to mean the states of the entities and their relationships that are relevant to the purpose of a resource access request. Our framework includes a situation model specific to access control, identifying the relevant purpose-oriented situation information. Using the situation model, the policy model of the framework provides support for specifying and enforcing situation-aware access control policies. A software prototype has been developed to demonstrate the practical applicability of the framework. In addition, we demonstrate the general applicability of our framework through two case studies from different domains. Experiments are conducted to quantify the performance overhead of providing such situation-aware access control for software services.