Abstract
Security policies form a collection of access restrictions on objects and resources. In this paper, we introduce an access control model with constraints that are common in typical information systems. This access control model is based on the role-based access control policy. It is modified to represent object classes and their hierarchies. The formalization of the proposed policy and constraints is performed using a logical approach based on description logics. Several access control constraints are discussed. The capability of the proposed model to formalize object-based constraints is demonstrated.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Burrows, M., Lampson, B., Plotkin, G.: A calculus for access control in distributed systems. ACM Trans. Program. Lang. Syst (USA) 15(4), 706–734 (1993)
Appel, A.W., Felten, E.W.: Proof-carrying authentication. In: Proc. of the 6th ACM Conference on Computer and Communications Security, Singapore, ACM Press, New York (1999)
Baader, F., McGuinness, D.L., Nardi, D., Patel-Schneider, P.: The Description Logic Handbook: Theory, Implementation and Applications. Cambridge university Press, Cambridge, United Kingdom (2003)
Bertino, E., Bettini, C., Ferrari, E., Samarati, P.: A temporal access control mechanism for database systems. IEEE Trans. On Knowledge and Data Engineering 8(1), 67–80 (1996)
Calvanese, D., De Giacomo, G., Lenzerini, M.: Description logics: foundations for class-based knowledge representation. In: Proceedings 17th Annual IEEE Symposium on Logic in Computer Science, pp. 359–370. IEEE Computer Society Press, Los Alamitos (2002)
Chae, J.H., Shiri, N.: Formalization of RBAC policy with object class hierarchy. In: Proc. of the 3rd Information Security Practice and Experience Conference (ISPEC) (2007)
Chapin, S., Jajodia, S., Faatz, D.: Distributed policies for data management making policies mobile. In: Proc. of 14th IFIP 11.3 Working Conference on Database Security, Schoorl, Netherlands (2000)
Crescini, V.F., Zhang, Y.: A logic based approach for dynamic access control. In: Proc. of 17th Australian Joint Conference on Artificial Intelligence, Cairns, Australia (2004)
Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The ponder policy specification language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–39. Springer, Heidelberg (2001)
Detreville, J.: Binder, a logic-based security language. In: Proc. of the IEEE Symposium in Security and Privacy, IEEE Computer Society Press, Los Alamitos (2002)
Ferraiolo, D.E., Cugini, J.A., Kuhn, D.R.: Role-based access control (RBAC): features and motivations. In: Proceedings. 11th Annual Computer Security Applications Conference, pp. 241–248 (1995)
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur (USA) 4(3), 224–274 (2001)
Haarslev, V., Moller, R.: Racer system description. In: Goré, R.P., Leitsch, A., Nipkow, T. (eds.) IJCAR 2001. LNCS (LNAI), vol. 2083, pp. 701–705. Springer, Heidelberg (2001)
Jajodia, S., Kudo, M., Subrahmanian, W.S.: Provisional authorizations. In: Proc. of 1st Workshop on Security and Privacy in E-Commerce, Athens, Greece (2000)
Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Trans. Database Syst (USA) 26(2), 214–260 (2001)
Jajodia, S., Samarati, P., Subrahmanian, V.S.: A logical language for expressing authorizations. In: Proc. IEEE Symp. on Research in Security and Privacy, Oakland, Calif., pp. 31–42 (1997)
Koch, M., Mancini, L.V., Parisi-Presicce, F.: A formal model for role-based access control using graph transformation. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 122–139. Springer, Heidelberg (2000)
Koch, M., Mancini, L.V., Parisi-Presicce, F.: A graph-based formalism for RBAC. ACM Trans. Inf. Syst. Secur. (USA) 5(3), 332–365 (2002)
Levesque, H.: Foundation of a functional approach to knowledge representation. Artificial Intelligence 23(2), 155–212 (1984)
Massacci, F.: Reasoning about security: A logic and a decision method for role-based access control. In: Nonnengart, A., Kruse, R., Ohlbach, H.J., Gabbay, D.M. (eds.) FAPR 1997 and ECSQARU 1997. LNCS, vol. 1244, pp. 421–435. Springer, Heidelberg (1997)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)
Woo, T.Y.C., Lam, S.S.: Authorization in distributed systems: a new approach. J. Comput. Secur. (Netherlands) 2(2-3), 107–136 (1993)
Zhao, C., Heilili, N., Liu, S., Lin, Z.: Representation and reasoning on RBAC: a description logic approach. In: Van Hung, D., Wirsing, M. (eds.) ICTAC 2005. LNCS, vol. 3722, pp. 381–393. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chae, J. (2007). Modeling of the Role-Based Access Control Policy with Constraints Using Description Logic. In: Gervasi, O., Gavrilova, M.L. (eds) Computational Science and Its Applications – ICCSA 2007. ICCSA 2007. Lecture Notes in Computer Science, vol 4705. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74472-6_41
Download citation
DOI: https://doi.org/10.1007/978-3-540-74472-6_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74468-9
Online ISBN: 978-3-540-74472-6
eBook Packages: Computer ScienceComputer Science (R0)