Representation and Reasoning on Role-Based Access Control Policies with Conceptual Graphs

  • Romuald Thion
  • Stéphane Coulondre
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4068)


This paper focuses on two aspects of access control: graphical representation and reasoning. Access control policies describe which permissions are granted to users with respect to some resources. The Role-Based Access Control model introduces the concept of role to organize users’ permissions. Currently, there is a need for tools allowing security officers to graphically describe and reason on role-based policies. Thanks to conceptual graphs (CGs) we can provide a consistent graphical formalism for Role-Based Access Control policies, which is able to deal with specific features of this access control model such as role hierarchy and constraints. Moreover, once a policy is modeled by CGs, graph rules and inference procedures can be used to reason on it. This allows security officers to understand why some permissions are granted or not and to detect whether security constraints are violated.


Keywords: Access Control; Access Control Policy; Access Control Model; Conceptual Graph; Constraint Logic Programming
These keywords were added by machine and not by the authors.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Romuald Thion (1)
  • Stéphane Coulondre (1)

  1. LIRIS: Lyon Research Center for Images and Intelligent Information Systems, Villeurbanne, France
