Design and Run Time Reasoning with RelBAC

Relation-Based Access Control (RelBAC) is an access control model for Web scenarios that represents permissions as relations between users and objects. By exploiting the formalization of the RelBAC model in Description Logics (DL), sophisticated access control policies can be encoded directly as DL formulas. This facilitates administration through design-time reasoning on hierarchies, memberships, propagations, separation of duties, etc., and supports run-time reasoning to make access control decisions. All of this reasoning can be performed with state-of-the-art, off-the-shelf DL reasoners.
