
Specification of History Based Constraints for Access Control in Conceptual Level

  • Fathiyeh Faghih
  • Morteza Amini
  • Rasool Jalili
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6503)

Abstract

An access control model for the Semantic Web should take into account the semantic relationships among the entities defined at the abstract conceptual level (i.e., the ontology level). Authorization and policy specification based on a logical model lets us infer implicit security policies from the explicit ones, based on the semantic relationships defined in the domains of subjects, objects, and actions. In this paper, we propose a logic-based access control model for the specification and inference of history-constrained access policies at the conceptual level of the Semantic Web. The proposed model (named TDLBAC-2) enables authorities to state policy rules based on the history of users’ accesses using a temporal description logic called \(\mathcal{DLR}_{US}\). The expressive power of the model is shown through seven different patterns for stating history-constrained access policies. The access decision algorithm designed for the model leverages the inference services of \(\mathcal{DLR}_{US}\), which facilitates the implementation of an enforcement system based on the proposed model. Sound inference, history-awareness, the ability to define access policies at the conceptual level, and preciseness are the main advantages of the proposed model.

Keywords

Access Control; Security Policy; Description Logic; Policy Rule; Semantic Relationship
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Fathiyeh Faghih (1)
  • Morteza Amini (1)
  • Rasool Jalili (1)
  1. Dept. of Comp. Eng., Sharif University of Technology, Tehran, Iran
