OWL-based representation and enforcement of data access policies

PELLEGRINI, FILIPPO
2014/2015

Abstract

In recent years, policies have become a widespread approach for regulating access to data and managing privacy and security in a large number of multi-agent systems. The increasing amount of data, especially on the Web, requires the definition of increasingly complex access norms, and policies seem to provide a suitable solution to this issue. A policy-based approach introduces many important features in access control, such as support for dynamic change of policies at run-time, and brings benefits in terms of expressiveness, scalability, efficiency, flexibility, extensibility, context-sensitivity and verifiability. The aim of this thesis is to define a unified framework for expressing and enforcing policies, combining the standard XACML architecture and policy language with the benefits of OWL ontologies and reasoning technologies. A complete centralized architecture has been defined, and a prototype of some of its modules has been successfully developed. A working algorithm for automatically translating XACML policies into corresponding OWL axioms has been defined, together with a complete access decision procedure. Although performance issues have been encountered, promising solutions have been elaborated in order to make the framework suitable for application in real environments.
MARFIA, FABIO
ING - Scuola di Ingegneria Industriale e dell'Informazione
29-apr-2015
2014/2015
Master's thesis
Attached files
File: Tesi.pdf
Description: Thesis text
Size: 2.24 MB
Format: Adobe PDF
Accessible on the internet only to authorized users

Documents in POLITesi are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/10589/107345