An OWL-Based Approach for RBAC with Negative Authorization

Access control is an important security issue on the Semantic Web. Role-Based Access Control (RBAC) is commonly considered a flexible and efficient model in practice. In this paper, we provide an OWL-based approach for RBAC in the Semantic Web context. First, we present an extended model of RBAC with negative authorization, providing a detailed analysis of conflicts. Then we use OWL to formalize the extended model. Additionally, we show how to use an OWL-DL reasoner to detect potential conflicts in the extended model.
