An Ontological Template for Context Expressions in Attribute-based Access Control Policies

By taking up the cloud computing paradigm enterprises are able to realise significant cost savings whilst increasing their agility and productivity. However, due to security concerns, many enterprises are reluctant to migrate their critical data and operations to the cloud. One way to alleviate these concerns is to devise suitable policies that infuse adequate access controls into cloud services. However, the dynamicity inherent in cloud environments, coupled with the heterogeneous nature of cloud services, hinders the formulation of effective and interoperable access control policies that are suitable for the underlying domain of application. To this end, this work proposes an ontological template for the semantic representation of context expressions in access control policies. This template is underpinned by a suitable set of interrelated concepts that generically capture a wide range of contextual knowledge that must be considered during the evaluation of policies.