Abstract
An access control model for the Semantic Web should take into account the semantic relationships among entities defined at the abstract conceptual level (i.e., the ontology level). Authorization and policy specification based on a logical model lets us infer implicit security policies from the explicit ones, based on the semantic relationships defined in the domains of subjects, objects, and actions. In this paper, we propose a logic-based access control model for the specification and inference of history-constrained access policies at the conceptual level of the Semantic Web. The proposed model (named TDLBAC-2) enables authorities to state policy rules based on the history of users’ accesses using a temporal description logic called \(\mathcal{DLR}_{US}\). The expressive power of the model is shown through seven different patterns for stating history-constrained access policies. The access decision algorithm designed for the model leverages the inference services of \(\mathcal{DLR}_{US}\), which facilitates the implementation of an enforcement system based on the proposed model. Sound inference, history-awareness, the ability to define access policies at the conceptual level, and preciseness are the main advantages of the proposed model.
Thanks to ITRC (Iran Telecommunication Research Center) for partial support of this work.
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Faghih, F., Amini, M., Jalili, R. (2010). Specification of History Based Constraints for Access Control in Conceptual Level. In: Jha, S., Mathuria, A. (eds) Information Systems Security. ICISS 2010. Lecture Notes in Computer Science, vol 6503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17714-9_14
DOI: https://doi.org/10.1007/978-3-642-17714-9_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17713-2
Online ISBN: 978-3-642-17714-9
eBook Packages: Computer Science, Computer Science (R0)