Modeling of the Role-Based Access Control Policy with Constraints Using Description Logic

  • Conference paper
Computational Science and Its Applications – ICCSA 2007 (ICCSA 2007)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4705)

Abstract

Security policies form a collection of access restrictions on objects and resources. In this paper, we introduce an access control model with constraints that are common in typical information systems. This access control model is based on the role-based access control policy. It is modified to represent object classes and their hierarchies. The formalization of the proposed policy and constraints is performed using a logical approach based on description logics. Several access control constraints are discussed. The capability of the proposed model to formalize object-based constraints is demonstrated.

Editor information

Osvaldo Gervasi, Marina L. Gavrilova

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chae, J. (2007). Modeling of the Role-Based Access Control Policy with Constraints Using Description Logic. In: Gervasi, O., Gavrilova, M.L. (eds) Computational Science and Its Applications – ICCSA 2007. ICCSA 2007. Lecture Notes in Computer Science, vol 4705. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74472-6_41

  • DOI: https://doi.org/10.1007/978-3-540-74472-6_41

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74468-9

  • Online ISBN: 978-3-540-74472-6

  • eBook Packages: Computer Science, Computer Science (R0)
