Goran Sladić

Context-Sensitive Access Control Model for Government Services

During the past two decades, e-government information systems have become less paper-based and more computer-based. Those information systems usually take the form of workflow systems. Due to the large social impact of e-government systems, computer security plays a pivotal role in ensuring its efficiency and effectiveness. Access control is one of the key aspects of computer security. Current access control models do not take into account the context of the system and its environment. In this article, we argue that a formal context-sensitive access control model can improve the development of e-government workflow systems and present a particular context-sensitive access control model. The subject of the article is a specification of the context-sensitive access control model for business processes (COBAC). By using a context-sensitive access control, it is possible to define more sophisticated access control policies that cannot be implemented by existing access control models. The COBACs context is modeled using Web Ontology Language (OWL) in order to provide formal representation of context, rich representation of diverse contextual information, semantic interoperability between various context-aware systems, and a high degree of inference making. The presented model is applicable in different e-government systems, and supports the definition of access control policies for both simple and complex business processes. The models prototype is verified by a case study on a real e-government business process—the national petty offense trial proceedings.

Flexible access control framework for MARC records

Purpose – The goal of this paper is to propose a data access control framework that is used for editing MARC‐based bibliographic databases. In cases where the bibliographic record editing activities carried out in libraries are complex and involve many people with different skills and expertise, a way of managing the workflow and data quality is needed. Enforcing access control can contribute to these goals.Design/methodology/approach – The proposed solution for data access control enforcement is based on the well‐studied standard role‐based access control (RBAC) model. The bibliographic data, for the purpose of this system, is represented using the XML language. The software architecture of the access control system is modelled using the Unified Modelling Language (UML).Findings – The access control framework presented in this paper represents a successful application of concepts of role‐based access control to bibliographic databases. The use of XML language for bibliographic data representation provide...

Modeling context for access control systems

Access control is one of key aspects of computer security. Current access control models do not take into account the context of the system and its environment. In this paper, we present a particular context model for the access control system primarily-intended for business processes access control. By using a context-sensitive access control, it is possible to define more sophisticated access control policies that cannot be implemented by existing access control models. The proposed context is modeled using Web Ontology Language (OWL) in order to provide: formal representation of context, rich representation of different contextual information, semantic interoperability between different context-aware systems and high degree of inference making.

PolicyDSL: Towards generic access control management based on a policy metamodel

The paper presents a generic access control management infrastructure suitable for a broad set of systems. The generic infrastructure is based on our policy metamodel (level M2), which is used for the specification of the needed policy model (level M1) such as RBAC, GTRBAC, etc. Having a defined policy model, the abstract and concrete syntaxes of PolicyDSL, our textual DSL for expressing access control policies, are dynamically generated. A security expert is then able to express the actual access control policies (level M0) for the given access control model using the generated DSL. The presented solution can be applied, with no changes, to a number of systems that are based on different access control models or their variants.

Semantic integration of enterprise information systems using meta-metadata ontology

This paper proposes a non-domain-specific metadata ontology as a core component in a semantic model-based document management system (DMS), a potential contender towards the enterprise information systems of the next generation. What we developed is the core semantic component of an ontology-driven DMS, providing a robust semantic base for describing documents’ metadata. We also enabled semantic services such as automated semantic translation of metadata from one domain to another. The core semantic base consists of three semantic layers, each one serving a different view of documents’ metadata. The core semantic component’s base layer represents a non-domain-specific metadata ontology founded on ebRIM specification. The main purpose of this ontology is to serve as a meta-metadata ontology for other domain-specific metadata ontologies. The base semantic layer provides a generic metadata view. For the sake of enabling domain-specific views of documents’ metadata, we implemented two domain-specific metadata ontologies, semantically layered on top of ebRIM, serving domain-specific views of the metadata. In order to enable semantic translation of metadata from one domain to another, we established model-to-model mappings between these semantic layers by introducing SWRL rules. Having the semantic translation of metadata automated not only allows for effortless switching between different metadata views, but also opens the door for automating the process of documents long-term archiving. For the case study, we chose judicial domain as a promising ground for improving the efficiency of the judiciary by introducing the semantics in this field.

Multilayer document model for semantic document management services

Purpose The purpose of this paper is to identify the benefits of an approach in which document management systems (DMSs) are based on a formal and explicit document model, primarily in terms of facilitating domain-specific customization. Design/methodology/approach Within this paper, a generic document model is proposed. The model consists of two layers. A general purpose layer, which represents common features of the documents, and a domain-specific layer, modeling properties particular to application domain. The general purpose layer is based on ISO 82045, providing high degree of interoperability with other systems developed with respect to this set of standard. Findings Splitting document model into the layers enables DMSs to be tailored for each particular domain of application, depending on the general purpose layer. The existence of domain-specific layer allows documents to be interpreted differently in different domains of application. Practical implications In order to enable customization of DMS for a particular domain, the implementation of domain-specific document layer is required. Also, the proposed model does not explicitly deal with document dynamics. Originality/value The proposed document ontology is general enough to provide the representation of documents not depending on a specific scope of application, yet flexible enough to enable extensions through which domain-specific document features can be expressed. The separation of document model enables development of core DMS offering services relying explicitly on the general purpose layer on one hand, as well as domain-specific customization of DMS on the other.

Applying SMT algorithms to code analysis

This paper presents an overview of tools and techniques that can be used to detect potential vulnerabilities and design flaws in computer programs by applying mathematical knowledge in solving Boolean satisfiability (SAT) problems. SMT (Satisfiability Modulo Theories) algorithms check satisfiability of given logical formulas with regards to some background theory, so we can say that SMT represents an abstraction of general SAT theory. If a computer program can be presented as a logical expression, we can use SMT process to discover input values that can lead it to an inconsistent state. Obtaining logical structures from programming code can be done by symbolic execution techniques, which transform program execution flow to Boolean expressions suitable for analysis using SMT solving software. This paper proposes usage of Binary Analysis Platform (BAP) for symbolic execution and Z3 SMT Solver as SMT solving software.

A machine-readable description of generic instructional strategies in e-courses

The paper describes a language for specifying generic and content‐neutral instructional strategies in e‐courses. The language has been designed to be generic, instructionally expressive, and machine‐readable. The paper presents the language syntax, case study on representative instructional strategies and an evaluation of the language characteristics.

Network Monitoring Using Intelligent Mobile Agents

Network monitoring is a critical issue in today’s rapidly changing network environment. Existing centralized client-server based network management frameworks suffer from problems such as insufficient scalability, interoperability, reliability, and flexibility, as networks become more geographically distributed. This work describes implementation of the agent-based system for network components and services monitoring. The system is designed in a modular fashion to provide easy and efficient inclusion of diverse monitoring objects. Several types of the intelligent agents are defined to perform efficient monitoring of diverse network components, services and applications using different monitoring protocols. In proposed architecture, we use an ontology for representation of monitoring information to provide semantics for building an underlying knowledge base that not only allows agents to communicate, but also to reason with each other, enabling the desired tasks to be performed collaboratively. The system implementation is based on the XJAF (Extensible Java-based Agent Framework) agent framework and the Java EE technology.