A Practical Framework for RelBAC Implementation

RelBAC is a new access control model that has gradually attracted research interest in the access control community, but it is not yet mature enough for industrial application because of its high logical complexity. In this paper, we present a framework for implementing RelBAC. First, access control queries against the RelBAC knowledge base (KB) are analysed and categorized as run-time or off-line queries. Then the knowledge necessary to answer each type of query is studied. We propose to separate the knowledge needed for run-time queries, which we call a complete ABox, from the classical RelBAC KB and to store it in a relational database, so that run-time answers can be provided within acceptable time. Last, a theorem is proved to underpin our method, and an algorithm is proposed to compute the complete ABox. This framework serves as a meaningful attempt to put RelBAC into practice.
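The off-line/run-time split described above, as an added illustration that is not the paper's code: the class hierarchy, permission hierarchy and assertions below are a constructed, simplified RelBAC-style KB, the complete ABox is materialised off-line, and the run-time check is reduced to one relational lookup.

```python
"""Added example (not from the paper): materialise a 'complete ABox' for a
simplified RelBAC-style KB and answer run-time access queries from SQLite."""
import sqlite3

# Constructed TBox: subsumption axioms as (sub, super) pairs.
SUBJECT_AXIOMS = {("Admin", "Staff")}       # every Admin is a Staff member
PERM_AXIOMS = {("Write", "Read")}           # the Write permission implies Read
# Constructed ABox: user memberships and class-level permission assertions.
MEMBERS = {("alice", "Admin"), ("bob", "Staff")}
PERM_ASSERTIONS = {("Staff", "Read", "report.pdf"), ("Admin", "Write", "report.pdf")}

def closure(axioms):
    """Transitive closure of subsumption axioms, computed as a fixpoint."""
    closed = set(axioms)
    changed = True
    while changed:
        changed = False
        for a, b in list(closed):
            for c, d in list(closed):
                if b == c and (a, d) not in closed:
                    closed.add((a, d))
                    changed = True
    return closed

def complete_abox(members, assertions, subj_axioms, perm_axioms):
    """Off-line step: expand class-level assertions into explicit (user, perm, obj) facts."""
    subj_cl, perm_cl = closure(subj_axioms), closure(perm_axioms)
    facts = set()
    for user, grp in members:
        for cls, perm, obj in assertions:
            if grp != cls and (grp, cls) not in subj_cl:
                continue                     # user's class is not below the asserted class
            implied = {perm} | {sup for sub, sup in perm_cl if sub == perm}
            facts.update((user, p, obj) for p in implied)
    return facts

def load_db(facts):
    """Store the complete ABox in a relational table keyed for run-time lookup."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE access(user TEXT, perm TEXT, obj TEXT, PRIMARY KEY(user, perm, obj))")
    db.executemany("INSERT INTO access VALUES (?, ?, ?)", sorted(facts))
    db.commit()
    return db

def is_allowed(db, user, perm, obj):
    """Run-time query: a single indexed lookup, no DL reasoning on the request path."""
    row = db.execute("SELECT 1 FROM access WHERE user=? AND perm=? AND obj=?", (user, perm, obj)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = load_db(complete_abox(MEMBERS, PERM_ASSERTIONS, SUBJECT_AXIOMS, PERM_AXIOMS))
    print(is_allowed(db, "alice", "Read", "report.pdf"))   # True: Admin is below Staff
    print(is_allowed(db, "bob", "Write", "report.pdf"))    # False: Staff is not below Admin
```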
