Semantic-based role matching and dynamic inspection for smart access control

In this paper, we propose a scheme of semantic-based role matching and dynamic inspection for smart access control. Basic roles are established first and then allocated to each user via semantic analysis, so that each user obtains the role with the most appropriate access. Our scheme explains the process of basic role establishment and, in the role-matching process, applies the analytic hierarchy process (AHP) to match roles. The roles matched to users should not remain fixed after the first round of matching: in practice, the type of a user often varies, and the role matched to that user must be updated accordingly. Our scheme therefore proposes that the system inspect roles dynamically and adjust them or apply re-matching after the initial matching. Re-matching roles not only further guarantees system security but can also bring about a better user experience. In addition, a user request can be refused by the system while an operation is in progress, which leaves the operation incomplete or generates incorrect data. To ensure the consistency of user operations, we introduce the concept of a transaction. The proposed scheme ensures the rationality of access control and data security based on semantic approaches and AHP.
