
Applied Intelligence, Volume 36, Issue 1, pp 190–207

A dynamic access control model

  • Narhimene Boustia
  • Aicha Mokhtari
Article

Abstract

The proposed dynamic access control model is based on description logic (DL) augmented with a default (δ) and an exception (ε) operator to capture context features. Currently, this model has an expressivity almost comparable to that of the OrBAC (Organization Based Access Control) system, which has been formalized in first-order logic: it offers all features needed for real attribution of authorization, i.e., assigning authorization to a user according to their role in an organization in a given context. A notable difference of our model is that it allows composed contexts, the addition of new contexts, and the deduction of new authorizations depending on context.

Keywords

Access control; OrBAC model; Dynamic context; Description logic; Defaults and exceptions; Nonmonotonic reasoner



Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. Saad Dahlab University, Blida, Algeria
  2. USTHB, Algiers, Algeria
