Abstract
Access control systems often use rule based frameworks to express access policies. These frameworks not only simplify the representation of policies, but also provide reasoning capabilities that can be used to verify the policies. In this work, we propose to use defeasible reasoning to simplify the specification of role-based access control policies and make them modular and more robust. We use the Flora-2 rule-based reasoner for representing a role-based access control policy. Our early experiments show that the wide range of features provided by Flora-2 greatly simplifies the task of building the requisite ontologies and the reasoning components for such access control systems.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Becker, M.Y., Nanz, S.: A logic for state-modifying authorization policies. ACM Trans. Inf. Syst. Secur. 13(3), 20:1–20:28 (2010). http://doi.acm.org/10.1145/1805974.1805976
Brickley, D., Guha, R.: Rdf schema 1.1. Tech. rep., W3C (2014)
Chen, W., Kifer, M., Warren, D.S.: Hilog: A foundation for higher-order logic programming. The Journal of Logic Programming 15(3), 187–230 (1993). http://www.sciencedirect.com/science/article/pii/074310669390039J
Damianou, N., Dulay, N., Lupu, E.C., Sloman, M.: The ponder policy specification language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, p. 18. Springer, Heidelberg (2001). http://dl.acm.org/citation.cfm?id=646962.712108
Ferraiolo, D.F., Kuhn, R.D., Chandramouli, R.: Role-Based Access Control, 2nd edn. Artech House Inc, Norwood (2007)
Hitzler, P., Krtzsch, M., Parsia, B., Patel-Schneider, P.F., Rudolph, S.: Owl 2 web ontology language primer (second edition). Tech. rep., W3C (2012)
Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012). http://dx.doi.org/10.1007/978-3-642-31540-4_4
Joshi, J., Bhatti, R., Bertino, E., Ghafoor, A.: An access control language for multi-domain environments. IEEE Internet Computing 8(6), 40–50 (2004)
Kagal, L.: Rei1: A policy language for the me-centric project. Tech. rep., HP Laboratories (2002)
Kifer, M.: FLORA-2: An object-oriented knowledge base language. The FLORA-2 Web Site. http://flora.sourceforge.net
Kifer, M.: Rules and ontologies in F-logic. In: Eisinger, N., Małuszyński, J. (eds.) Reasoning Web. LNCS, vol. 3564, pp. 22–34. Springer, Heidelberg (2005)
Kifer, M., Lausen, G., Wu, J.: Logical foundations of object-oriented and frame-based languages. J. ACM 42(4), 741–843 (1995). http://doi.acm.org/10.1145/210332.210335
Li, H., Zhang, X., Wu, H., Qu, Y.: Design and application of rule based access control policies. In: Proceedings of 7th Semantic Web and Policy Workshop (2005)
Parducci, B., Lockhart, H.: extensible access control markup language (xacml) version 3.0. Tech. rep., OASIS Standard (2013)
Park, J.S., Ahn, G.J., Sandhu, R.: Role-based access control on the web using ldap. In: Proceedings of the Fifteenth Annual Working Conference on Database and Application Security, Das 2001, pp. 19–30 Kluwer Academic Publishers, Norwell (2002). http://dl.acm.org/citation.cfm?id=863742.863745
Park, J.S., Sandhu, R., Ahn, G.J.: Role-based access control on the web. ACM Trans. Inf. Syst. Secur. 4(1), 37–71 (2001). http://doi.acm.org/10.1145/383775.383777
Przymusinski, T.: Well-founded and stationary models of logic programs. Annals of Mathematics and Artificial Intelligence 12(3–4), 141–187 (1994)
Schulzrinne, H., Tschofenig, H., Morris, J.B., Cuellar, J.R., Polk, J., Rosenberg, J.: Common policy: A document format for expressing privacy preferences. Internet RFC 4745, February, 2007
Sun, Y., Pan, P., Leung, H., Shi, B.: Ontology based hybrid access control for automatic interoperation. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds.) ATC 2007. LNCS, vol. 4610, pp. 323–332. Springer, Heidelberg (2007). http://dl.acm.org/citation.cfm?id=2394798.2394840
Wan, H., Grosof, B., Kifer, M., Fodor, P., Liang, S.: Logic programming with defaults and argumentation theories. In: Hill, P.M., Warren, D.S. (eds.) ICLP 2009. LNCS, vol. 5649, pp. 432–448. Springer, Heidelberg (2009)
Wan, H., Kifer, M., Grosof, B.: Defeasibility in answer set programs with defaults and argumentation rules. Semantic Web Journal (2014)
Yang, G., Kifer, M., Zhao, C.: FLORA-2: a rule-based knowledge representation and inference for the semantic web. In: Meersman, R., Schmidt, D.C. (eds.) CoopIS 2003, DOA 2003, and ODBASE 2003. LNCS, vol. 2888, pp. 671–688. Springer, Heidelberg (2003)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Basseda, R., Gao, T., Kifer, M., Greenspan, S., Chell, C. (2015). Representing Flexible Role-Based Access Control Policies Using Objects and Defeasible Reasoning. In: Bassiliades, N., Gottlob, G., Sadri, F., Paschke, A., Roman, D. (eds) Rule Technologies: Foundations, Tools, and Applications. RuleML 2015. Lecture Notes in Computer Science(), vol 9202. Springer, Cham. https://doi.org/10.1007/978-3-319-21542-6_24
Download citation
DOI: https://doi.org/10.1007/978-3-319-21542-6_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-21541-9
Online ISBN: 978-3-319-21542-6
eBook Packages: Computer ScienceComputer Science (R0)