Journal of Information Assurance and Security. ISSN 1554-1010 Volume 9 (2014) pp. 093-103 © MIR Labs, www.mirlabs.net/jias/index.html

Flexibility vs. Security in Linked Enterprise Data Access Control Graphs

Markus Graube 1, Patricia Ortiz 2, Manuel Carnerero 3, Oscar Lázaro 2, Mikel Uriarte 3, Johannes Pfeffer 1 and Leon Urbas 1

1 Chair for Process Control Systems Engineering, Technische Universität Dresden, Germany
markus.graube@tu-dresden.de, johannes.pfeffer@tu-dresden.de, leon.urbas@tu-dresden.de
2 R&D, ICT Unit, Innovalia Association S.A., Bilbao, Spain
portiz@innovalia.com, olazaro@innovalia.com
3 R&D, Nextel S.A., Bilbao, Spain
mcarnerero@nextel.es, muriarte@nextel.es

Abstract: Linked Data offers easy extensibility and interoperability of information spaces. This provides great potential for industrial companies, allowing them to share information with partners in a virtual enterprise. Together they can become faster and more flexible, which results in an advantage in the market. However, one barrier remains: protecting a company's own information at a fine granularity. Access control graphs are an approach to this issue. Information is put into different views by executing inference mechanisms on role-based policy rules. Afterwards, queries are automatically rewritten at runtime so that they match the generated views and return data only from the views that should be accessible to the authenticated role. This paper demonstrates the balance between flexibility and security using this approach. The number and complexity of the policy rules depend strongly on the information model used. However, a moderate restriction of the huge flexibility in information modeling allows for few, but powerful, rules. Additionally, the approach can also be leveraged for consistency checking of Linked Data information structures.
Thus, clients can rely on these data invariants, and the information provider can rely on the fact that access is granted only at a fine grain.

Keywords: Security; Flexibility; Semantic Web; Linked Data; SPARQL; Access Control; Named Graphs

I. Introduction

In order to remain competitive in the global market, an increase in efficiency is no longer sufficient for companies. They need to improve their links to relevant collaboration partners. In fact, inter-enterprise collaboration through intense data sharing has become essential, especially for small and medium-sized enterprises, in order to acquire a critical mass of resources and competencies. Communication and exchange of information are no longer mere instruments of process control but key drivers of business performance, which can lead to the transformation of isolated individual companies into an agile virtual enterprise.

The explosion of the Semantic Web in recent years [1] has provided the opportunity to develop advanced technology enablers that support new inter-organizational collaboration models towards the creation of virtual enterprises. More precisely, the ComVantage^1 project explores the capabilities of Linked Data (LD) as a flexible and fast unifying approach to provide access to the data vaults of all stakeholders of a virtual enterprise by creating a product-centric collaboration space. Linked Data is an interesting candidate for enterprise information integration, offering two main advantages in comparison to other approaches [2]:
- The flexibility of Linked Data makes it possible to employ a model-as-you-use approach, starting with a small subset of data and extending it easily.
- The semantic lifting of enterprise data towards Linked Enterprise Data (LED) is an enabler for exploiting the potential of semantic technologies in production.
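The abstract summarizes the mechanism as views generated from role-based policy rules plus runtime query rewriting, so that a query can only reach the views the authenticated role may read. The following Python sketch is an added example, not the ComVantage implementation and not code from the paper: it models views as named graphs, derives a role's readable graphs through a small role-inheritance step (a stand-in for the paper's inference over policy rules), and rewrites a SPARQL query by stripping any client-supplied dataset clauses and injecting FROM / FROM NAMED clauses for the permitted graphs only. Role names, graph IRIs and the policy table are assumptions made for this example.

```python
"""Role-based SPARQL dataset rewriting: pin a query to the named graphs (views)
that a role is allowed to read. Illustrative example; policy and IRIs are made up."""
import re

# Constructed policy (assumption for the example, not the paper's own rules):
# role -> named graphs it may read, and the roles it inherits from.
ROLE_GRAPHS = {
    "partner":  ["http://example.org/views/public"],
    "engineer": ["http://example.org/views/engineering"],
}
ROLE_PARENTS = {"engineer": ["partner"], "partner": []}

_PROLOGUE = re.compile(r"^\s*((PREFIX\s+\S+\s*<[^>]*>|BASE\s*<[^>]*>)\s*)*", re.I)
_FORM = re.compile(r"\b(SELECT|CONSTRUCT|ASK|DESCRIBE)\b", re.I)
_DATASET = re.compile(r"\bFROM(\s+NAMED)?\s+<[^>]*>\s*", re.I)
_WHERE = re.compile(r"\bWHERE\s*\{", re.I)


def graphs_for_role(role):
    """Inference step: a role reads its own views plus those of every role it extends."""
    out, seen, todo = set(), set(), [role]
    while todo:
        r = todo.pop()
        if r in seen:
            continue
        seen.add(r)
        out.update(ROLE_GRAPHS.get(r, ()))
        todo.extend(ROLE_PARENTS.get(r, ()))
    return sorted(out)


def rewrite_query(query, role):
    """Return `query` with its dataset fixed to the views readable by `role`.

    Fails closed: rejects anything that is not a read-only query form, rejects
    roles without any readable view (no FROM clause would mean "default graph",
    which on many stores is the union of everything), and drops client-supplied
    FROM clauses so the client cannot widen the dataset itself.
    """
    graphs = graphs_for_role(role)
    if not graphs:
        raise PermissionError(f"role {role!r} has no readable view")

    body_start = _PROLOGUE.match(query).end()      # skip PREFIX/BASE declarations
    form = _FORM.match(query, body_start)
    if form is None:
        raise ValueError("only SELECT/CONSTRUCT/ASK/DESCRIBE are accepted")

    query = _DATASET.sub("", query)                 # remove FROM / FROM NAMED chosen by the client

    where = _WHERE.search(query, form.end())
    if where is None:
        raise ValueError("query without a WHERE clause is not supported")

    # FROM makes the union of the permitted views the default graph; FROM NAMED
    # exposes the same views to GRAPH patterns, so GRAPH ?g cannot reach any
    # other graph. Dataset clauses belong right before WHERE in every query form.
    dataset = " ".join(f"FROM <{g}> FROM NAMED <{g}>" for g in graphs)
    return f"{query[:where.start()].rstrip()} {dataset} {query[where.start():]}"


if __name__ == "__main__":
    print(rewrite_query("SELECT ?p WHERE { ?s ?p ?o }", "engineer"))
    print(rewrite_query("SELECT * FROM <http://example.org/views/secret> WHERE { ?s ?p ?o }", "partner"))
```

Two practitioner caveats follow from the code. First, the rewriter is regex-based and treats keywords inside string literals like real keywords; a production rewriter should operate on a parsed query tree and re-serialize it. Second, the SPARQL 1.1 Protocol lets a request's default-graph-uri and named-graph-uri parameters take precedence over the dataset clauses inside the query, so a deployment must also strip those parameters, or the rewriting is bypassed.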
However, this approach comes with a severe disadvantage: unlimited openness and flexibility are not compatible with rigorous access control (AC) approaches to security. Indeed, realizing such a collaboration space through Linked Data poses significant challenges in providing the right security controls to ensure effective access control management for the distributed linked data sources that make up the product-centric information spaces shared by the collaborating enterprises.

The focus of this paper is to describe the current progress achieved in the ComVantage project in designing a security model that enables agile inter-organizational collaboration while keeping a balance between security and flexibility using Linked Data in industrial environments. The paper will discuss and present an enhanced multi-domain access control approach based on intelligent structuring of enterprise data through Linked Data and innovative SPARQL query rewriting capabilities. Some proposals for increasing the flexibility within this security model will be presented and discussed.

Section 2 of this paper states the need for access control in virtual companies and provides an overview of access control

^1 EU FP7 IP Project "Collaborative Manufacturing Network for Competitive Advantage": www.comvantage.eu