Title: Log content extraction engine based on ontology for the purpose of a posteriori access control

Authors: Hanieh Azkia; Nora Cuppens-Boulahia; Frédéric Cuppens; Gouenou Coatrieux

Addresses: IT/Telecom Bretagne, 2, Rue de la Châtaigneraie, Cesson Sévigné 35576, France ' IT/Telecom Bretagne, 2, Rue de la Châtaigneraie, Cesson Sévigné 35576, France ' IT/Telecom Bretagne, 2, Rue de la Châtaigneraie, Cesson Sévigné 35576, France ' IT/Telecom Bretagne, 2, Rue de la Châtaigneraie, Cesson Sévigné 35576, France

Abstract: In some complex information systems, users do not undergo untimely access controls. Generally, whenever they perform an action, this action is logged by the target system. Based on these log files, a security control called a posteriori access control is made afterwards. The logged data can be recorded in different formats (Syslog, W3C extend log, specific domain log standard like IHE-ATNA, etc.). An a posteriori security control framework requires a log filtering engine which extracts useful information regardless of the log format used. In this paper, we define and enforce this extraction function by building an ontology model of logs. This logs ontology is queried to check the compliance of actions performed by the users of the considered system with its access control policy (violations, anomalies, fulfilments, etc.). We show how the a posteriori security controls are made effective and how security decisions are made easier based on this extraction function.

Keywords: ontology; access control; SPARQL; simple protocol; RDF query language; IHE-ATNA; log content extraction; security control; log filtering; information systems.

DOI: 10.1504/IJKL.2014.067149

International Journal of Knowledge and Learning, 2014 Vol.9 No.1/2, pp.23 - 42

Received: 31 May 2013
Accepted: 17 Jan 2014
Published online: 31 Jan 2015 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article