Abstract | ||
---|---|---|
Role-Based Access Control (RBAC) has been recognized as a strategy which reduces the cost and complexity of security administration in large-scale networked applications. A general family of RBAC models called RBAC96 was proposed by Sandhu et al. (1), which formally defines the relations among user, role and permission using the notion of set membership. Constraints are an important aspect of RBAC, which impose restrictions on acceptable configurations of the different components of RBAC. Nevertheless, they were discussed informally in the RBAC96 model. There have been some efforts to present a logical framework for the access control models. Most of these works are based on first-order logic or its extensions. However, excessively rich expressiveness may bring on complex computation and confusion. We present a novel formalization of RBAC using a description logic approach. Compared with first-order logic, DLs achieve a better tradeoff between the computational complexity of reasoning and the expressiveness of the language. We choose the DL language ALC to represent core and hierarchical RBAC, and ALCQ, which extends ALC by qualified number restrictions, to express RBAC constraints, including separation of duty and role cardinality. Based on our logical framework it is feasible to reason about RBAC and check the consistency of RBAC with constraints via a DL reasoner (e.g. RACER). |
Year | Venue | Keywords |
---|---|---|
2005 | Description Logics | separation of duty,role based access control,description logic,logical framework |
Field | DocType | Citations |
Permission,Semantic reasoner,Computer science,Role-based access control,Description logic,Cardinality,Theoretical computer science,Access control,Separation of duties,Logical framework | Conference | 1 |
PageRank | References | Authors |
0.35 | 1 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Chen Zhao | 1 | 10 | 5.27 |
Nuermaimaiti Heilili | 2 | 40 | 3.47 |
Shengping Liu | 3 | 42 | 3.18 |
Zuoquan Lin | 4 | 354 | 33.75 |