Abstract: A new description logic-based formal representation of the role-based access control (RBAC) model is proposed. The sets and relations that make up the RBAC model are expressed as concepts and roles in description logic, respectively. Symbols for role composition and role inclusion are introduced into the basic description logic language, so that key RBAC properties and constraints related to role inheritance can be represented formally: transitivity of the role hierarchy (RH), inheritance of the user-role assignment (UA) relation, inheritance of the permission-role assignment (PA) relation, and the static and dynamic separation of duty constraints. With inheritance relations and constraints formalized in one system, the reasoning mechanisms of description logic can be used to prevent inheritance relations that violate the access control policy from arising.
Key words:
- access control model
- role-based access control model
- description logic
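The inheritance properties and the static separation of duty check summarized in the abstract, as an added Python example that is not taken from the paper. It uses plain set operations instead of a description logic reasoner. The relation directions (RH as senior-to-junior pairs, UA ∘ RH ⊑ UA, RH ∘ PA ⊑ PA), the function names and the sample policy are assumptions made for illustration.

```python
from itertools import product

def closure(rh):
    """RH transitivity (RH o RH is included in RH); rh holds (senior, junior) pairs."""
    rh = set(rh)
    while True:
        new = {(a, d) for (a, b), (c, d) in product(rh, rh) if b == c} - rh
        if not new:
            return rh
        rh |= new

def authorized_roles(ua, rh):
    """UA inheritance (UA o RH is included in UA): users of a senior role get its juniors."""
    star = closure(rh)
    return set(ua) | {(u, j) for (u, s), (s2, j) in product(ua, star) if s == s2}

def role_permissions(pa, rh):
    """PA inheritance (RH o PA is included in PA): a senior role gets its juniors' permissions."""
    star = closure(rh)
    return set(pa) | {(s, p) for (s, j), (j2, p) in product(star, pa) if j == j2}

def ssd_violations(ua, rh, ssd):
    """Users authorized, after inheritance, for both roles of an SSD pair."""
    auth = authorized_roles(ua, rh)
    users = {u for u, _ in auth}
    return sorted((u, a, b) for u in users for a, b in ssd
                  if (u, a) in auth and (u, b) in auth)

def add_inheritance(ua, rh, ssd, edge):
    """Accept a new RH edge only if the resulting policy stays SSD-consistent."""
    candidate = set(rh) | {edge}
    bad = ssd_violations(ua, candidate, ssd)
    if bad:
        raise ValueError(f"rejected {edge}: SSD violated for {bad}")
    return candidate

# Constructed sample policy (not from the paper).
UA = {("alice", "manager"), ("bob", "auditor")}
RH = {("manager", "accountant"), ("accountant", "clerk")}
PA = {("clerk", "read_ledger"), ("accountant", "post_entry"),
      ("auditor", "sign_audit")}
SSD = {("accountant", "auditor")}

if __name__ == "__main__":
    print(sorted(authorized_roles(UA, RH)))
    try:
        add_inheritance(UA, RH, SSD, ("manager", "auditor"))
    except ValueError as err:
        print(err)  # alice would hold both accountant and auditor
```

Dynamic separation of duty is not covered here; it would apply the same pairwise check to the roles activated in a session rather than to all authorized roles.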