Towards a security framework for the semantic web

Abstract

With the increasing use of the Web and the need to automate, interoperate, and reason about resources and services on the Web, the Semantic Web aims to provide solutions for the future needs of World Wide Web computing. However, the autonomous, dynamic, open, distributed and heterogeneous nature of the Semantic Web introduces new security challenges. Various security standards and mechanisms exist that address different security aspects of the current Web and Internet, but these have not been integrated to address security aspects of the Semantic Web specifically. Hence, there is a need to have a security framework that integrates these disparate security tools to provide a holistic, secure environment for the Semantic Web. This study proposes a security framework that provides various security functionalities to Semantic Web entities, namely, agents, Web services and Web resources. The study commences with a literature survey carried out in order to establish security aspects related to the Semantic Web. In addition, requirements for a security framework for the Semantic Web are extracted from the literature. This is followed by a model-building study that is used to compile a security framework for the Semantic Web. In order to prove the feasibility thereof, the framework is then applied to different application scenarios as a proof-of-concept. Following the results of the evaluation, it is possible to argue that the proposed security framework allows for the description of security concepts and service workflows, reasoning about security concepts and policies, as well as the specification of security policies, security services and security mechanisms. The security framework is therefore useful in addressing the identified security requirements of the Semantic Web.