Representation and Reasoning on RBAC: A Nonmonotonic Approach

Role-Based Access Control (RBAC) is recognized as the predominant model for access control nowadays. However, the ANSI RBAC model provides no mechanism for various rules and policies. To address this issue, a formal logical foundation of RBAC is urgently needed. In this paper, we present an ASP-based nonmonotonic approach to formalize the ANSI RBAC model. The proposed formalization provides a proper expression for RBAC components and an efficient reasoning mechanism for authorization decisions. We show that the formalism can capture RBAC models well and accomplish specific nonmonotonic reasoning tasks flexibly.
