基于描述逻辑DL<sub>RBAC</sub>的RBAC形式化模型

马丽; 马世龙; 眭跃飞

基于描述逻辑DL_RBAC的RBAC形式化模型

1.
北京航空航天大学计算机学院, 北京 100191
2. 中国科学院计算技术研究所, 北京 100190

基金项目: 国家973重点基础研究发展规划资助项目(2005CB321902)

详细信息

通讯作者:
马丽

中图分类号: TP309
计量
- 文章访问数: 3398
- HTML全文浏览量: 217
- PDF下载量: 1095
- 被引次数: 0
出版历程
- 收稿日期: 2009-10-12
- 网络出版日期: 2010-11-30

Representation for RBAC model with description logic DL_RBAC

Ma Li^{1
, ,},
Ma Shilong¹,
Sui Yuefei²

1.
School of Computer Science and Technology, Beijing University of Aeronautics and Astronautics, Beijing 100191, China
2. Information Processing Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China

More Information

Corresponding author: Ma Li

摘要

摘要: 提出了一种新的基于描述逻辑的形式化表示方法,将组成基于角色的访问控制(RBAC,Role-Based Access Control)模型的集合和关系分别用描述逻辑中的概念和角色表示,并且在基本的描述逻辑语言上引入了可以表示角色的复合关系和包含关系的符号,从而形式化表示出了RBAC与角色继承有关的一些关键性质和约束条件,如角色层次关系(RH,Role Hierarchy)传递性、用户角色分配关系(UA,User-Role Assignment)的继承性和权限角色分配关系(PA,Permission-Role Assignment)的继承性,以及RBAC中的静态职权分离约束和动态职权分离约束等.通过形式化地表示RBAC的继承关系及约束条件,利用描述逻辑本身的推理机制可以限制不符合访问控制策略的继承关系产生.
- 访问控制 /
- 基于角色的访问控制 /
- 描述逻辑
Abstract: A new description logic-based representation for role-based accesss control(RBAC) model was proposed. RBAC sets and relations were translated as concepts and roles in the description logic respectively. To express RBAC role default inheritance and constraint conditions, symbols that represented role composition and inclusion were introduced to the basic description logic language, such that some RBAC default inheritance properties, such as role hierarchy(RH) transitivity, user-role assignment(UA) inheritance and permission-role assignment(PA) inheritance, and some RBAC constraints, such as static and dynamic separation of duty relations, can be represented formally. By integrating default inheritance with constraints in one formal system, the new inheritance relations that violate the access control strategy can be limited with the help of description logic reasoning mechanisms.
- access control model /
- role-based access control model /
- description logic

HTML全文

参考文献(1)

[1] Finin T,Joshi A,Kagal L,et al.ROWLBAC:representing role based access control in OWL //Proceedings of the 13th ACM Symposium on Access Control Models and Technologies.New York:ACM Press,2008:73-82[2] Sandhu R,Coyne E,Feinstein H,et al.Role-based access control models[J].IEEE Computer,1996,29(2):38-47[3] Ferraiolo D,Sandhu R,Gavrila S,et al.Proposed NIST standard for role-based access control[J].ACM Transactions on Information and System Security,2001,4(3):224-274[4] Park J S,Sandhu R S.Role-based for access control on the Web[J].ACM Transactions on Information and System Security,2001,4(1):37-71[5] Li Q,Zhang X,Xu M,et al.Towards secure dynamic collaborations with group-based RBAC model[J].Computer & Security,2009,28(5):260-275[6] Kwon J,Moon C.Visual modeling and formal specification of constraints of RBAC using semantic web technology[J].Knowledge-Based Systems,2007,20(4):350-356[7] Baader F,Calvanese D,McGuinness D L,et al.The description logic handbook[M].Cambridge:Cambridge University Press,2002[8] McGuinness D L,van Harmelen F.OWL Web ontology language overview .MIT:W3C Recommendation,2004 .[9] Zhao C,Heilili N,Liu S,et al.Representation and reasoning on RBAC: a description logic approach //ICTAC2005,LNCS 3722.Berlin:Springer,2005:381-393[10] Ji G,Tang Y,Jiang Y,et al.A description logic approach to represent and extend RBAC model //1st International Symposium on Pervasive Computing and Applications.Urumqi:IEEE Press,2006:151-156[11] Yu H,Xie Q,Che H.Description logic based conflict detection methods for RB-RBAC model[J].International Journal of Computer Science and Network Security,2006,6(1A):120-125

施引文献

资源附件(0)

访问统计