A Framework for Situation-Aware Access Control in Federated Data-as-a-Service Systems Based on Query Rewriting

Abstract

Organizations often need to share mission-dependent data in a secure and flexible way. Examples include contact tracing for a contagious disease such as COVID19, maritime search and rescue operations, or creating a collaborative bid for a contract. In such examples, the ability to access data may need to change dynamically, depending on the situation of a mission (e.g., whether a person tested positive for a disease, a ship is in distress, or a bid offer with given properties needs to be created). We present a novel framework to enable situation-aware access control in a federated Data-as-a-Service architecture by using semantic web technologies. Our framework allows distributed query rewriting and semantic reasoning that automatically adds situation based constraints to ensure that users can only see results that they are allowed to access. We have validated our framework by applying it to two dynamic use cases: maritime search and rescue operations and contact tracing for surveillance of a contagious disease. This paper details our implemented solution and experimental results of the two use cases. Our framework can be adopted by organizations that need to share sensitive data securely during dynamic, limited duration scenarios.