Ontology-Based RBAC Specification for Interoperation in Distributed Environment

  • Di Wu
  • Xiyuan Chen
  • Jian Lin
  • Miaoliang Zhu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4185)


Today, the formulation, specification, and verification of adequate data protection policies in open distributed environments appear as the main challenge to address concerning authorization. Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overhead. This paper proposes an ontology specification to describe the Role-Based Access Control model and extends it with a general context expression. Based on these definitions, a specification for interoperation in distributed environments is introduced. The work includes a definition of an ontology to describe the concepts and a declaration of rules to make explicit the relationships between concepts. The ontology-based approach can express security policy with semantic information and provide a machine interpretation for descriptions of policy in open distributed environments.


Ontology RBAC access control policy interoperation 





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Di Wu (1)
  • Xiyuan Chen (1)
  • Jian Lin (1)
  • Miaoliang Zhu (1)
  1. College of Computer Science, Zhejiang University, Hangzhou, China
