Title
Using Description Logic to Formalize Role-Based Access Control Model
Abstract
Role-Based Access Control (RBAC) has been recognized as a strategy which reduces the cost and complexity of security administration in large-scale networked applications. A general family of RBAC models called RBAC96 was proposed by Sandhu et al. (1), which formally defines the relations among user, role and permission using the notion of set membership. Constraints are an important aspect of RBAC, which impose restrictions on acceptable configurations of the different components of RBAC. Nevertheless, they were discussed informally in the RBAC96 model. There have been some efforts to present a logical framework for the access control models. Most of these works are based on first-order logic or its extensions. However, excessively rich expressiveness may bring on complex computation and confusion. We present a novel formalization of RBAC using a description logic approach. Compared with first-order logic, DLs achieve a better tradeoff between the computational complexity of reasoning and the expressiveness of the language. We choose the DL language ALC to represent core and hierarchical RBAC, and ALCQ that extends ALC by qualified number restrictions to express RBAC constraints, including separation of duty and role cardinality. Based on our logical framework it is feasible to reason about RBAC and check the consistency of RBAC with constraints via a DL reasoner (e.g. RACER).
Year
2005
Venue
Description Logics
Keywords
separation of duty, role based access control, description logic, logical framework
Field
Permission, Semantic reasoner, Computer science, Role-based access control, Description logic, Cardinality, Theoretical computer science, Access control, Separation of duties, Logical framework
DocType
Conference
Citations
1
PageRank
0.35
References
1
Authors
4
Name
Order
Citations
PageRank
Chen Zhao1105.27
Nuermaimaiti Heilili2403.47
Shengping Liu3423.18
Zuoquan Lin435433.75