Access Policy Design Supported by FCA Methods

Dau, Frithjof; Knechtel, Martin

doi:10.1007/978-3-642-03079-6_11

Frithjof Dau²² &
Martin Knechtel²²

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 5662))

Included in the following conference series:

International Conference on Conceptual Structures

628 Accesses
8 Citations

Abstract

Role Based Access Control (RBAC) is a methodology for providing users in an IT system specific permissions like write or read to users. It abstracts from specific users and binds permissions to user roles. Similarly, one can abstract from specific documents and bind permission to document types.

In this paper, we apply Description Logics (DLs) to formalize RBAC. We provide a thorough discussion on different possible interpretations of RBAC matrices and how DLs can be used to capture the RBAC constraints. We show moreover that with DLs, we can express more intended constraints than it can be done in the common RBAC approach, thus proving the benefit of using DLs in the RBAC setting. For deriving additional constraints, we introduce a strict methodology, based on attribute exploration method known from Formal Concept Analysis. The attribute exploration allows to systematically finding unintended implications and to deriving constraints and making them explicit. Finally, we apply our approach to a real-life example.

This research was funded by the German Federal Ministry of Economics and Technology under the promotional reference 01MQ07012 and the German Federal Ministry of Education and Research under grant number 01IA08001A.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Lampson, B.: Protection. In: Proceedings of the 5th Annual Princeton Conference on Information Sciences and Systems, pp. 437–443 (1971)
Google Scholar
Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST model for role-based access control: towards a unified standard. In: RBAC 2000: Proceedings of the fifth ACM workshop on Role-based access control, pp. 47–63. ACM Press, New York (2000)
Chapter Google Scholar
Saunders, G., Hitchens, M., Varadharajan, V.: Role-based access control and the access control matrix. SIGOPS Oper. Syst. Rev. 35(4), 6–20 (2001)
Article Google Scholar
Baader, F., Calvanese, D., McGuinness, D.L., Nardi, D., Patel-Schneider, P.F.: The Description Logic Handbook: Theory, Implementation and Applications, 2nd edn. Cambridge University Press, Cambridge (2007)
Book MATH Google Scholar
Knechtel, M., Hladik, J.: RBAC authorization decision with DL reasoning. In: ICWI 2008: Proceedings of the IADIS Int. Conf. WWW/Internet (2008)
Google Scholar
Knechtel, M., Hladik, J., Dau, F.: Using OWL DL reasoning to decide about authorization in RBAC. In: OWLED 2008: Proceedings of the OWLED 2008 Workshop on OWL: Experiences and Directions (2008)
Google Scholar
Baader, F., Ganter, B., Sattler, U., Sertkaya, B.: Completing description logic knowledge bases using formal concept analysis. In: Proceedings of the Twentieth Int. Joint Conf. on Artificial Intelligence (IJCAI 2007). AAAI Press, Menlo Park (2007)
Google Scholar
Lutz, C., Sattler, U.: Mary likes all cats. In: Baader, F., Sattler, U. (eds.) Proceedings of the 2000 Int. Workshop in Description Logics (DL 2000), Aachen, Germany, August 2000. CEUR-WS, vol. 33, pp. 213–226. RWTH Aachen (2000), http://SunSITE.Informatik.RWTH-Aachen.DE/Publications/CEUR-WS/Vol-33/
Rudolph, S., Krötzsch, M., Hitzler, P.: All elephants are bigger than all mice. In: Proceedings of the 21st International Workshop on Description Logics (DL 2008) (2008)
Google Scholar
Ganter, B., Obiedkov, S.A.: Implications in triadic formal contexts. In: Wolff, K.E., Pfeiffer, H.D., Delugach, H.S. (eds.) ICCS 2004. LNCS, vol. 3127, pp. 186–195. Springer, Heidelberg (2004)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

SAP AG, SAP Research CEC Dresden, Germany
Frithjof Dau & Martin Knechtel

Authors

Frithjof Dau
View author publications
You can also search for this author in PubMed Google Scholar
Martin Knechtel
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Institut AIFB, Universität Karlsruhe (TH), 76128, Karlsruhe, Germany
Sebastian Rudolph
SAP Research Center CEC Dresden, Chemnitzer Strasse 48, 01187, Dresden, Germany
Frithjof Dau
Higher School of Economics, Department of Applied Mathematics and Information Science, State University, Kirpichnaya 33/5, 105679, Moscow, Russia
Sergei O. Kuznetsov

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Dau, F., Knechtel, M. (2009). Access Policy Design Supported by FCA Methods. In: Rudolph, S., Dau, F., Kuznetsov, S.O. (eds) Conceptual Structures: Leveraging Semantic Technologies. ICCS 2009. Lecture Notes in Computer Science(), vol 5662. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03079-6_11

Download citation

DOI: https://doi.org/10.1007/978-3-642-03079-6_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03078-9
Online ISBN: 978-3-642-03079-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics