Incorporating Policy-Based Authorization Framework in Audit Rule Ontology for Continuous Process Auditing in Complex Distributed Systems

  • Conference paper
On the Move to Meaningful Internet Systems: OTM 2014 Workshops (OTM 2014)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 8842))

Abstract

Complex distributed information systems that run their activities in the form of processes require continuous auditing of a process that invokes the action(s) specified in the policies and rules in a continuous manner. A shared vocabulary, or common ontology, used to define the processes, and the audit rule ontology for processes or modules are integrated to form a hybrid ontology that supports the acquisition and evolution of ontologies. A methodology to construct a Common Ontology and an audit rule ontology by coupling to an expert system for Continuous Process Auditing (CPA) has been introduced recently. In this paper, we present a policy-based authorization methodology incorporating Audit Rule Ontology for CPA within distributed audit rule ontology. We also propose the use of probabilistic risk determination and evaluation of risk level, along with access history heuristics that define the adaptable access control policies before making policy decisions.



Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Subhani, N., Kent, R. (2014). Incorporating Policy-Based Authorization Framework in Audit Rule Ontology for Continuous Process Auditing in Complex Distributed Systems. In: Meersman, R., et al. On the Move to Meaningful Internet Systems: OTM 2014 Workshops. OTM 2014. Lecture Notes in Computer Science, vol 8842. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45550-0_37

  • DOI: https://doi.org/10.1007/978-3-662-45550-0_37

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-45549-4

  • Online ISBN: 978-3-662-45550-0

  • eBook Packages: Computer Science, Computer Science (R0)
