Abstract
Role-Based Access Control (RBAC) is recognized as the predominant model for access control nowadays. However, the ANSI RBAC model provides no mechanism for various rules and policies. To address this issue, a formal logical foundation of RBAC is urgently needed. In this paper, we present an ASP-based nonmonotonic approach to formalize the ANSI RBAC model. The proposed formalization provides a proper expression for RBAC components, and an efficient reasoning mechanism for authorization decisions. We show that the formalism can capture RBAC models well and accomplish specific nonmonotonic reasoning tasks flexibly.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, W., Lin, Z. (2013). Representation and Reasoning on RBAC: A Nonmonotonic Approach. In: Wang, M. (eds) Knowledge Science, Engineering and Management. KSEM 2013. Lecture Notes in Computer Science, vol 8041. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39787-5_19
DOI: https://doi.org/10.1007/978-3-642-39787-5_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39786-8
Online ISBN: 978-3-642-39787-5
eBook Packages: Computer Science (R0)