
Representation and Reasoning on RBAC: A Description Logic Approach

  • Conference paper
Theoretical Aspects of Computing – ICTAC 2005 (ICTAC 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3722)


Abstract

Role-based access control (RBAC) is recognized as an excellent model for access control in large-scale networked applications. A logical formalization of RBAC makes it feasible to reason about a specified policy and verify its correctness. We propose a formalization of RBAC in the description logic language \(\mathcal{ALCQ}\). We also show that the RBAC constraints can be captured by \(\mathcal{ALCQ}\). Furthermore, we demonstrate how to make access control decisions, perform the RBAC functions, and check the consistency of RBAC via the description logic reasoner RACER.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhao, C., Heilili, N., Liu, S., Lin, Z. (2005). Representation and Reasoning on RBAC: A Description Logic Approach. In: Van Hung, D., Wirsing, M. (eds) Theoretical Aspects of Computing – ICTAC 2005. ICTAC 2005. Lecture Notes in Computer Science, vol 3722. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560647_25


  • DOI: https://doi.org/10.1007/11560647_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29107-7

  • Online ISBN: 978-3-540-32072-2

  • eBook Packages: Computer Science (R0)
