Abstract
Role-based access control (RBAC) is recognized as an excellent model for access control in large-scale networked applications. Formalization of RBAC in a logical approach makes it feasible to reason about a specified policy and verify its correctness. We propose a formalization of RBAC by the description logic language \(\mathcal{ALCQ}\). We also show that the RBAC constraints can be captured by \(\mathcal{ALCQ}\). Furthermore, we demonstrate how to make access control decision, perform the RBAC functions as well as check the consistency of RBAC via the description logic reasoner RACER.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Computer 29, 38–47 (1996)
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramoli, R.: Proposed nist standard for role-based access control. ACM Transactions on Information and System Security (TISSEC) 4, 224–274 (2001)
Koch, M., Mancini, L.V., Parisi-Presicce, F.: A formal model for role-based access control using graph transformation. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 122–139. Springer, Heidelberg (2000)
Koch, M., Mancini, L.V., Parisi-Presicce, F.: A graph-based formalism for rbac. ACM Transactions on Information and System Security (TISSEC) 5, 332–365 (2002)
Woo, T.Y., Lam, S.S.: Authorization in distributed systems: A new approach. Journal of Computer Security 2, 107–136 (1993)
Abadi, M., Burrows, M., Lampson, B., Plotkin, G.: A calculus for access control in distributed systems. ACM Transactions on Programming Languages and Systems 15, 706–734 (1993)
Massacci, F.: Reasoning about security: A logic and a decision method for role-based access control. In: Proceeding of the International Joint Conference on Qualitative and Quantitative Practical Reasoning (ECSQARU/FAPR 1997), pp. 421–435 (1997)
Appel, A.W., Felten, E.W.: Proof-carrying authentication. In: Proceedings of the 6th ACM Conference on Computer and Communications Security, Singapore (1999)
Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Transactions on Database Systems 26, 214–260 (2001)
Bacon, J., Moody, K., Yao, W.: A model of oasis role-based access control and its support for active security. ACM Transactions on Information and System Security (TISSEC) 5, 492–540 (2002)
Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A logical framework for reasoning about access control models. ACM Transactions on Information and System Security (TISSEC) 6, 71–127 (2003)
Crescini, V.F., Zhang, Y.: A logic based approach for dynamic access control. In: Webb, G.I., Yu, X. (eds.) AI 2004. LNCS (LNAI), vol. 3339, pp. 623–635. Springer, Heidelberg (2004)
Gligor, V.D., Gavrila, S.I., Ferrailolo, D.: On the formal definition of separation-of-duty policies and their composition. In: Proccedings of IEEE Symposium on Security and Privacy, Oakland, California, pp. 172–185 (1998)
Mossakowski, T., Drouineaud, M., Sohr, K.: A temporal-logic extension of role-based access control covering dynamic separation of duties. In: Proceedings of the 4th International Conference on Temporal Logic, pp. 83–90 (2003)
Ahn, G.J., Sandhu, R.: Role-based authorization constraints specification. ACM Transactions on Information and System Security (TISSEC) 3, 207–226 (2000)
Baader, F., McGuinness, D.L., Nardi, D., Patel-Schneider, P.F.: The Description Logic Handbook: Theory, Implementation and Applications. Cambridge University Press, Cambridge (2002)
Giacomo, G.D., Lenzerini, M.: A uniform framework for concept definitions in description logics. Journal of Artificial Intelligence Research 6, 87–110 (1997)
Schmidt-SchauB, M., Smolka, G.: Attributive concept descriptions with complements. Artifical Intelligence 48, 1–26 (1991)
Haarslev, V., Moller, R.: RACER system description. In: Goré, R.P., Leitsch, A., Nipkow, T. (eds.) IJCAR 2001. LNCS (LNAI), vol. 2083, pp. 701–723. Springer, Heidelberg (2001)
Haarslev, V., Moller, R.: Description of the RACER system and its applications. In: International Workshop on Description Logics (DL 2001), Stanford, USA (2001)
RICE (RACER Interactive Client Environment), http://www.b1g-systems.com/ronald/rice/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhao, C., Heilili, N., Liu, S., Lin, Z. (2005). Representation and Reasoning on RBAC: A Description Logic Approach. In: Van Hung, D., Wirsing, M. (eds) Theoretical Aspects of Computing – ICTAC 2005. ICTAC 2005. Lecture Notes in Computer Science, vol 3722. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560647_25
Download citation
DOI: https://doi.org/10.1007/11560647_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29107-7
Online ISBN: 978-3-540-32072-2
eBook Packages: Computer ScienceComputer Science (R0)