Representation and Reasoning on RBAC: A Description Logic Approach
Abstract
Role-based access control (RBAC) is recognized as an excellent model for access control in large-scale networked applications. Formalizing RBAC in a logic makes it feasible to reason about a specified policy and verify its correctness. We propose a formalization of RBAC in the description logic language ALCQ. We also show that the RBAC constraints can be captured by ALCQ. Furthermore, we demonstrate how to make access control decisions, perform the RBAC functions, and check the consistency of RBAC via the description logic reasoner RACER.
Similar resources
Using Description Logic to Formalize Role-Based Access Control Model
Role-Based Access Control (RBAC) has been recognized as a strategy which reduces the cost and complexity of security administration in large-scale networked applications. A general family of RBAC models called RBAC96 was proposed by Sandhu et al. [1], which formally defines the relations among user, role and permission using the notion of set membership. Constraints are an important aspect of RB...
Research on Description Logic Based Conflict Detection Methods for RB-RBAC Model
RB-RBAC (Rule-Based RBAC) provides the mechanism to dynamically assign users to roles based on a finite set of authorization rules defined by the enterprise's security policy. The RB-RBAC family introduces negative authorization, represented by negative roles, which may bring conflict, so conflict detection and resolution become important work in RB-RBAC policy management. We proposed a formal...
Scaling up description logic reasoning by distributed resolution
Benefits from structured knowledge representation have motivated the creation of large description logic ontologies. For accessing implicit information and avoiding errors in ontologies, reasoning services are necessary. However, the available reasoning methods suffer from scalability problems as the size of ontologies keeps growing. This thesis investigates a distributed reasoning method that ...
Using OWL DL Reasoning to Decide about authorization in RBAC
Role Based Access Control (RBAC) [1] is a standardized model to indirectly assign permissions to users by user roles. We follow the proposal of Chae and Shiri [2] to additionally introduce a hierarchy of object classes in addition to the hierarchy of user roles along which permissions are inherited. This makes sense, since e.g. in file systems the inheritance of permissions along the directory ...
Parallelizing Description Logic Reasoning
Parallelizing Description Logic Reasoning Kejia Wu, Ph.D. Concordia University, 2014 Description Logic has become one of the primary knowledge representation and reasoning methodologies during the last twenty years. A lot of areas are benefiting from description logic based technologies. Description logic reasoning algorithms and a number of optimization techniques for them play an important ro...