ICCS 2006: Conceptual Structures: Inspiration and Application pp 427-440
Representation and Reasoning on Role-Based Access Control Policies with Conceptual Graphs
Abstract
This paper focuses on two aspects of access control: graphical representation and reasoning. Access control policies describe which permissions are granted to users w.r.t. some resources. The Role-Based Access Control model introduces the concept of role to organize users’ permissions. Currently, there is a need for tools allowing security officers to graphically describe and reason on role-based policies. Thanks to conceptual graphs (CGs), we can provide a consistent graphical formalism for Role-Based Access Control policies, which is able to deal with specific features of this access control model such as role hierarchy and constraints. Moreover, once a policy is modeled by CGs, graph rules and inference procedures can be used to reason on it. This allows security officers to understand why some permissions are granted or not and to detect whether security constraints are violated.
Keywords
Access Control; Access Control Policy; Access Control Model; Conceptual Graph; Constraint Logic Programming