Abstract
The proposed dynamic access control model is based on description logic (DL) augmented with a default (δ) and an exception (ε) operator to capture context features. Currently, this model has an expressivity almost comparable to OrBAC system (OrBAC (Organization Based Access Control) has been formalized in first order logic), all features needed for real attribution of authorization, i.e., assigning authorization to a user according to its role in an organization in a given context. A notable difference of our model is the allowing of composed context, the addition of new context and the deduction of new authorization depending on context.
Similar content being viewed by others
References
Sandhu R, Coyne EJ, Feinstein HL, Youman CE (1996) Role based access control models. IEEE Trans Comput 29(2):38–47
Ferraiolo D, Sandhu R, Gavrila S, Kuhn D, Chandramouli R (2001) Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur 4(3):224–274
Li N, Mitchell J, Winsborough W (2002) Design of a role-based trust-management framework, pp 114–130
Abou El Kalam A, El Baida R, Balbiani P, Benferhat S, Cuppens F, Deswarte Y, Miège A, Saurel C, Trouessin G (2003) Organization based access control. In: 4th IEEE international workshop on policies for distributed systems and networks (Policy’03), Lake Come, Italy, June 2003
Moses T et al (2005) eXtensible Access Control Markup Language (XACML) version 2.0. OASIS Standard 200502
Damianou N, Dulay N, Lupu E, Sloman M (2001) The ponder policy specification language. In: Lecture notes in computer science, vol 1995
Jajodia S, Samarati P, Subrahmanian V (2007) A logical language for expressing authorizations. In: Proceedings of the 1997 IEEE symposium on security and privacy
Kagal L, Finin T, Joshi A (2003) A policy language for pervasive systems. In: 4th IEEE international workshop on policies for distributed systems and networks
Tonti G, Bradshaw JM, Jeffers R, Montanar R, Suril N, Uszokl A (2003) Semantic web languages for policy representation and reasoning: a comparison of Kaos, Rei and Ponder. In: Proceedings of the 2nd international semantic web conference (ISWC2003). Springer, Berlin
Cuppens F, Miège A (2003) Modelling contexts in the ORBAC model. In: 19th annual computer security applications conference, Las Vegas, December 2003
Coupey F, Fouqueré C (1997) Extending conceptual definitions with default knowledge. Comput Intell 13(2)
Baader F, McGuiness DL, Nardi D, Schneider PF (2008) The description logic handbook: theory, implementation and applications. Cambridge University Press, Cambridge
Brachman RJ, McGuinness DL, Patel-Schneider PF, Alperin Resnick L, Borgidan A (1991) Living with CLASSIC: when and how to use a KL-ONE-like language. In: Sowa J (ed) Principles of semantic networks: explorations in the representation of knowledge. Morgan Kaufmann, San Mateo, pp 401–456
Brachman RJ, McGuinness DL, Alperin Resnick L, Borgida A (1989) CLASSIC: a structural data model for objects. In: Proceedings of the 1989 ACM SIGMOD international conference on management of data, June 1989, pp 59–67
http://www.racer-systems.com/products/racerpro/index.phtml, 2010
Reiter R (1980) A logic for default reasoning. Artif Intell 13(1–2):81–132
Quantz J et al (1992) A preference semantics for defaults in terminological logics. In: Principles of knowledge representation and reasoning: 3rd international conference, pp 294–305
Padgham L et al (1993) Combining classification and nonmonotonic inheritance reasoning: a first step. In: 7th international symposium on methodologies for intelligent systems, Trondheim, Norway, pp 15–18
Padgham L et al (1993) A terminological logic with defaults: a definition and an application. In: 13th international joint conference on artificial intelligence, Chambéry, France, pp 663–668
Baader F et al (1992) Embedding defaults into termilogical knowledge representation formalisms. In: Principles of knowledge representation and reasoning: 3rd international conference, pp 306–317
Baader F et al (1995) Embedding defaults into termilogical knowledge representation formalisms. J Autom Reason 14(1):149–180
Straccia U (1993) Default inheritance reasoning in hybrid KL-ONE-style logics. In: IJCAI’93. Morgan Kaufmann, San Mateo, pp 676–681
Donini FM et al (2002) Description logics of minimal knowledge and negation as failure. ACM Trans Comput Log 3(2):177–225
Donini FM et al (1998) An epistemic operator for description logics. Artif Intell 100(1–2):225–274
Cadoli M et al (1990) Closed word reasoning in hybrid systems. In: Methodologies for intelligent systems (ISMIS’90). North Holland, Amsterdam, pp 474–481
Bonatti PA et al (2006) Expressive non-monotonic description logics based on circumscription. In: KR’06. AAAI Press, Menlo Park, pp 400–410
Gomez S et al (2008) An argumentative approach to reasoning with inconsistent ontologies. In: KROW’08, CRPIT, vol 90. ACS, pp 11–20
Eiter T et al (2009) Realizing default logic over description logic knowledge bases*. In: ECSQARU’09, pp 602–613
Haarslev V et al (2001) Racer system description. In: IJCAR’01. Springer, Berlin, pp 701–706
Brachman RJ (1978) A structural paradigm for representing knowledge. In: Technical report 3605, BBN Report
Zhao C et al (2005) Representation and reasoning on RBAC: a description logic approach. In: Theoretical aspects of computing, ICTAC
Knechtel M et al (2008) RBAC authorization decision with DL reasoning. In: Proceedings of the IADIS international conference WWW/Internet
Finin T et al (2008) ROWLBAC—representing role based access control in OWL. In: Proceedings of the 13th symposium on access control models and technologies, June 2008
Finin T et al (2008) Role based access control and OWL. In: Proceedings of the fourth OWL: experiences and directions workshop, April 2008
Knechtel M et al (2008) Using OWL DL reasoning to decide about authorization in RBAC. In: Proceedings of the OWLED 2008 workshop on OWL: experiences and directions
Yastrebov I (2009) Dynamic authorization specification for RBAC in CERN. In: CERN-BE-Note-2009-037 (CO)
Boustia N, Mokhtari A (2009) \(\mathit{JClassic}^{-}_{\delta \epsilon}\): a non monotonic reasoning system. In: Internal repost No 21-09, LRIA, USTHB, Algeria
Boustia N, Mokhtari A (2008) Representation and reasoning on ORBAC: description logic with defaults and exceptions approach. In: Workshop on privacy and security—artificial intelligence (PSAI), ARES’08, Spain
Boustia N, Mokhtari A (2009) DL δ ε -OrBAC: context based access control. In: WOSIS’09, Italy
Zhu H et al (2009) A practical mandatory access control model for XML databases. Inf Sci 179:1116–1133
Cirstea H et al (2009) Rewrite based specification of access control policies. In: Electronic notes in theoretical computer science, pp 37–54
Kirchner C et al (2009) Analysis of rewrite based access control policies. In: Electronic notes in theoretical computer science, pp 55–75
Collinson M et al. Algebra and logic for access control. In: Formal aspects computing, 2009
He Q et al (2009) Requirements-based access control analysis and policy specification (ReCAPS). Inf Syst Technol 51:993–1009
Artale A et al (1994) A computational account for a description logic of time and action. In: Proceedings of the 4th international conference on the principle of knowledge representation and reasoning, pp 3–14
Artale A et al (1998) A temporal description logic for reasoning about actions and plan. J Artif Intell Res 9:463–506
Artale A et al (1999) Temporal ER modeling with description logics. In: Proceedings of the 18th conference on conceptual modeling (ER’99). LNCS, vol 1728. Springer, Berlin, pp 81–95
Artale A et al (2000) A survey of temporal extensions of description logics. Ann Math Artif Intell 1–4:171–210
Artale A et al (2001) Temporal description logics. In: Handbook of time and temporal reasoning in artificial intelligence. MIT Press, Cambridge
Bettini C (1997) Representation and reasoning using temporal description logics. Data Knowl Eng 22:1–38
Harrison MA et al (1976) Protection in operating systems. Commun ACM 19(8, 22):461–471
De Carolis B et al (2007) My map: generating personalized tourist descriptions. Appl Intell J 26(2):111–124
Bennett B et al (2002) Multi-dimensional modal logic as framework for spatio-temporal reasoning. Appl Intell J 17(3):239–251
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Boustia, N., Mokhtari, A. A dynamic access control model. Appl Intell 36, 190–207 (2012). https://doi.org/10.1007/s10489-010-0254-z
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10489-010-0254-z