论文信息 - A Logic-Based RBAC Framework for Flexible Policies

A Logic-Based RBAC Framework for Flexible Policies

The ANSI RBAC standard provides no mechanism for access policies. This paper employs answer set programming (ASP) as the policy language and presents a new logic-based RBAC formalization framework. The powerful expression ability of ASP ensures the representation of various policies, while high-efficient answer set solvers help our framework suit for reasoning in industrial level applications. We show that properties of the proposed framework support flexible policies well. Furthermore, systems based on the proposed framework are proved to be safe and available.

Wei Zhang | Zuoquan Lin

[1] Elisa Bertino,et al. Access-control language for multidomain environments , 2004, IEEE Internet Computing.

[2] Jan Hladik,et al. Using OWL DL Reasoning to Decide about authorization in RBAC , 2008, OWLED.

[3] Chen Zhao,et al. An OWL-Based Approach for RBAC with Negative Authorization , 2006, KSEM.

[4] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[5] Sushil Jajodia,et al. Flexible support for multiple access control policies , 2001, TODS.

[6] Vladimir Lifschitz,et al. Answer set programming and plan generation , 2002, Artif. Intell..

[7] Liu Ying. RoleBased Access Control Model and Application , 2002 .

[8] Elisa Bertino,et al. Supporting RBAC with XACML+OWL , 2009, SACMAT '09.

[9] Karl N. Levitt,et al. Security Policy Specification Using a Graphical Approach , 1998, ArXiv.