An OWL-Based Approach for RBAC with Negative Authorization

  • Nuermaimaiti Heilili
  • Yang Chen
  • Chen Zhao
  • Zhenxing Luo
  • Zuoquan Lin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4092)


Access control is an important issue related to the security on the Semantic Web. Role-Based Access Control (RBAC) is commonly considered as a flexible and efficient model in practice. In this paper, we provide an OWL-based approach for RBAC in the Semantic Web context. First we present an extended model of RBAC with negative authorization, providing detailed analysis of conflicts. Then we use OWL to formalize the extended model. Additionally, we show how to use an OWL-DL reasoner to detect the potential conflicts in the extended model.
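The conflict detection the abstract describes can be illustrated with an OWL encoding. The fragment below is an added example constructed for this page, not the paper's own ontology: roles are classes, the role hierarchy is subclassing (a senior role inherits the authorizations of its junior role), positive and negative authorizations are property restrictions, and a disjointness axiom makes any role that is both granted and denied the same access unsatisfiable, which is what an OWL-DL reasoner then reports. All names (:Employee, :Manager, :Auditor, :Report, :canRead, :cannotRead) are assumptions.

```turtle
@prefix :     <http://example.org/rbac#> .
@prefix owl:  <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .

# Roles as classes. A senior role is a subclass of its junior role,
# so it inherits every authorization stated on the junior role.
:Employee a owl:Class .
:Manager  a owl:Class ; rdfs:subClassOf :Employee .
:Auditor  a owl:Class ; rdfs:subClassOf :Employee .

# Protected object and the two authorization properties.
:Report     a owl:Thing .
:canRead    a owl:ObjectProperty .   # positive authorization
:cannotRead a owl:ObjectProperty .   # negative authorization

# Positive authorization: every Employee may read the report.
:Employee rdfs:subClassOf
    [ a owl:Restriction ; owl:onProperty :canRead ; owl:hasValue :Report ] .

# Negative authorization (assumed policy): no Auditor may read the report.
:Auditor rdfs:subClassOf
    [ a owl:Restriction ; owl:onProperty :cannotRead ; owl:hasValue :Report ] .

# Conflict axiom: being allowed and being denied the same access
# on the same object are disjoint states.
:ReadReportAllowed owl:equivalentClass
    [ a owl:Restriction ; owl:onProperty :canRead ; owl:hasValue :Report ] .
:ReadReportDenied owl:equivalentClass
    [ a owl:Restriction ; owl:onProperty :cannotRead ; owl:hasValue :Report ] .
:ReadReportAllowed owl:disjointWith :ReadReportDenied .

# :Auditor inherits canRead Report from :Employee and asserts cannotRead Report,
# so Auditor is a subclass of ReadReportAllowed and of ReadReportDenied, hence of
# owl:Nothing. Classifying the ontology reports :Auditor as unsatisfiable; this is
# the conflict a policy author must resolve before deployment.
:alice a :Auditor .   # any member of the conflicting role makes the ABox inconsistent
```

Running a classifier over this file lists :Auditor as unsatisfiable (and the ontology as inconsistent once :alice is present); removing either the inherited grant or the explicit denial restores consistency.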


Keywords: Policy Language, Security Policy, Description Logic, Policy Decision Point, Negative Permission





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Nuermaimaiti Heilili (1)
  • Yang Chen (1)
  • Chen Zhao (1)
  • Zhenxing Luo (1)
  • Zuoquan Lin (1)
  1. LMAM, Department of Information Science, School of Math., Peking University, Beijing, China
