OrBAC from access control model to access usage model

Applied Intelligence

Abstract

The purpose-based access control model was proposed recently to restrict access to sensitive data that are out of their owner's control. This model can be enforced by ensuring that a user who wants to access private data respects the specific plan of tasks/actions that leads to achieving the intended objective for using these data. The Organization Based Access Control (OrBAC) model is suitable for integrating this principle, but in a dynamic environment such as cloud computing, the authorization rules should be expressed in a flexible way, and they may include optional tasks that can be skipped in some cases in order to adapt temporarily to changes in the context. To meet these requirements, we propose in this paper a new extension of the OrBAC model using the temporal nonmonotonic description logic (\(\textit {TL-JClassic}^{+}_{\delta \epsilon }\)), which allows the policy rules to be represented formally as hierarchical planning that includes a set of ordered tasks that may admit exceptions in special cases. When an access request is made, the access control system, depending on the current context, dynamically infers the appropriate sequence of actions that can be performed by the subject who demands access to private data that may be outsourced to the cloud.


Notes

  1. \(b_0\) is a constant used as a denotation of ⊥.


Author information

Corresponding author

Correspondence to Khalida Guesmia.

Appendix

In this section, we present the main algorithms used to develop the \(\textit {TL-JClassic}^{+}_{\delta \epsilon }\) tool:

[Figures d, e, f and g: algorithm listings, not reproduced here.]


Cite this article

Guesmia, K., Boustia, N. OrBAC from access control model to access usage model. Appl Intell 48, 1996–2016 (2018). https://doi.org/10.1007/s10489-017-1064-3
