Ontology-Based RBAC Specification for Interoperation in Distributed Environment
Today, the main authorization challenge in open distributed environments is the formulation, specification, and verification of adequate data protection policies. Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overhead. This paper proposes an ontology specification that describes the Role-Based Access Control model and extends it with a general context expression. Based on these definitions, a specification for interoperation in distributed environments is introduced. The work includes the definition of an ontology to describe the concepts and the declaration of rules that make the relationships between concepts explicit. The ontology-based approach can express security policy with semantic information and provide a machine interpretation for policy descriptions in open distributed environments.
Keywords: Ontology RBAC access control policy interoperation