Skip to main content
SpringerLink
Log in

A dynamic access control model

  • Published:
Applied Intelligence Aims and scope Submit manuscript

Abstract

The proposed dynamic access control model is based on description logic (DL) augmented with a default (δ) and an exception (ε) operator to capture context features. Currently, this model has an expressivity almost comparable to OrBAC system (OrBAC (Organization Based Access Control) has been formalized in first order logic), all features needed for real attribution of authorization, i.e., assigning authorization to a user according to its role in an organization in a given context. A notable difference of our model is the allowing of composed context, the addition of new context and the deduction of new authorization depending on context.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others

References

  1. Sandhu R, Coyne EJ, Feinstein HL, Youman CE (1996) Role based access control models. IEEE Trans Comput 29(2):38–47

    Google Scholar 

  2. Ferraiolo D, Sandhu R, Gavrila S, Kuhn D, Chandramouli R (2001) Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur 4(3):224–274

    Article  Google Scholar 

  3. Li N, Mitchell J, Winsborough W (2002) Design of a role-based trust-management framework, pp 114–130

  4. Abou El Kalam A, El Baida R, Balbiani P, Benferhat S, Cuppens F, Deswarte Y, Miège A, Saurel C, Trouessin G (2003) Organization based access control. In: 4th IEEE international workshop on policies for distributed systems and networks (Policy’03), Lake Come, Italy, June 2003

  5. Moses T et al (2005) eXtensible Access Control Markup Language (XACML) version 2.0. OASIS Standard 200502

  6. Damianou N, Dulay N, Lupu E, Sloman M (2001) The ponder policy specification language. In: Lecture notes in computer science, vol 1995

  7. Jajodia S, Samarati P, Subrahmanian V (2007) A logical language for expressing authorizations. In: Proceedings of the 1997 IEEE symposium on security and privacy

  8. Kagal L, Finin T, Joshi A (2003) A policy language for pervasive systems. In: 4th IEEE international workshop on policies for distributed systems and networks

  9. Tonti G, Bradshaw JM, Jeffers R, Montanar R, Suril N, Uszokl A (2003) Semantic web languages for policy representation and reasoning: a comparison of Kaos, Rei and Ponder. In: Proceedings of the 2nd international semantic web conference (ISWC2003). Springer, Berlin

    Google Scholar 

  10. Cuppens F, Miège A (2003) Modelling contexts in the ORBAC model. In: 19th annual computer security applications conference, Las Vegas, December 2003

  11. Coupey F, Fouqueré C (1997) Extending conceptual definitions with default knowledge. Comput Intell 13(2)

  12. Baader F, McGuiness DL, Nardi D, Schneider PF (2008) The description logic handbook: theory, implementation and applications. Cambridge University Press, Cambridge

    Google Scholar 

  13. Brachman RJ, McGuinness DL, Patel-Schneider PF, Alperin Resnick L, Borgidan A (1991) Living with CLASSIC: when and how to use a KL-ONE-like language. In: Sowa J (ed) Principles of semantic networks: explorations in the representation of knowledge. Morgan Kaufmann, San Mateo, pp 401–456

    Google Scholar 

  14. Brachman RJ, McGuinness DL, Alperin Resnick L, Borgida A (1989) CLASSIC: a structural data model for objects. In: Proceedings of the 1989 ACM SIGMOD international conference on management of data, June 1989, pp 59–67

  15. http://owl.man.ac.uk/factplusplus/, 2007

  16. http://www.racer-systems.com/products/racerpro/index.phtml, 2010

  17. http://www.cs.man.ac.uk/sattler/reasoners.html, 2010

  18. http://www.kaon2.semanticweb.org, 2003

  19. http://www.clarkparsia.com/pellet, 2009

  20. Reiter R (1980) A logic for default reasoning. Artif Intell 13(1–2):81–132

    Article  MATH  MathSciNet  Google Scholar 

  21. Quantz J et al (1992) A preference semantics for defaults in terminological logics. In: Principles of knowledge representation and reasoning: 3rd international conference, pp 294–305

  22. Padgham L et al (1993) Combining classification and nonmonotonic inheritance reasoning: a first step. In: 7th international symposium on methodologies for intelligent systems, Trondheim, Norway, pp 15–18

  23. Padgham L et al (1993) A terminological logic with defaults: a definition and an application. In: 13th international joint conference on artificial intelligence, Chambéry, France, pp 663–668

  24. Baader F et al (1992) Embedding defaults into termilogical knowledge representation formalisms. In: Principles of knowledge representation and reasoning: 3rd international conference, pp 306–317

  25. Baader F et al (1995) Embedding defaults into termilogical knowledge representation formalisms. J Autom Reason 14(1):149–180

    Article  MathSciNet  Google Scholar 

  26. Straccia U (1993) Default inheritance reasoning in hybrid KL-ONE-style logics. In: IJCAI’93. Morgan Kaufmann, San Mateo, pp 676–681

    Google Scholar 

  27. Donini FM et al (2002) Description logics of minimal knowledge and negation as failure. ACM Trans Comput Log 3(2):177–225

    Article  MathSciNet  Google Scholar 

  28. Donini FM et al (1998) An epistemic operator for description logics. Artif Intell 100(1–2):225–274

    Article  MATH  MathSciNet  Google Scholar 

  29. Cadoli M et al (1990) Closed word reasoning in hybrid systems. In: Methodologies for intelligent systems (ISMIS’90). North Holland, Amsterdam, pp 474–481

    Google Scholar 

  30. Bonatti PA et al (2006) Expressive non-monotonic description logics based on circumscription. In: KR’06. AAAI Press, Menlo Park, pp 400–410

    Google Scholar 

  31. Gomez S et al (2008) An argumentative approach to reasoning with inconsistent ontologies. In: KROW’08, CRPIT, vol 90. ACS, pp 11–20

  32. Eiter T et al (2009) Realizing default logic over description logic knowledge bases*. In: ECSQARU’09, pp 602–613

  33. Haarslev V et al (2001) Racer system description. In: IJCAR’01. Springer, Berlin, pp 701–706

    Google Scholar 

  34. Brachman RJ (1978) A structural paradigm for representing knowledge. In: Technical report 3605, BBN Report

  35. Zhao C et al (2005) Representation and reasoning on RBAC: a description logic approach. In: Theoretical aspects of computing, ICTAC

  36. Knechtel M et al (2008) RBAC authorization decision with DL reasoning. In: Proceedings of the IADIS international conference WWW/Internet

  37. Finin T et al (2008) ROWLBAC—representing role based access control in OWL. In: Proceedings of the 13th symposium on access control models and technologies, June 2008

  38. Finin T et al (2008) Role based access control and OWL. In: Proceedings of the fourth OWL: experiences and directions workshop, April 2008

  39. Knechtel M et al (2008) Using OWL DL reasoning to decide about authorization in RBAC. In: Proceedings of the OWLED 2008 workshop on OWL: experiences and directions

  40. Yastrebov I (2009) Dynamic authorization specification for RBAC in CERN. In: CERN-BE-Note-2009-037 (CO)

  41. Boustia N, Mokhtari A (2009) \(\mathit{JClassic}^{-}_{\delta \epsilon}\): a non monotonic reasoning system. In: Internal repost No 21-09, LRIA, USTHB, Algeria

  42. Boustia N, Mokhtari A (2008) Representation and reasoning on ORBAC: description logic with defaults and exceptions approach. In: Workshop on privacy and security—artificial intelligence (PSAI), ARES’08, Spain

  43. Boustia N, Mokhtari A (2009) DL δ ε -OrBAC: context based access control. In: WOSIS’09, Italy

  44. Zhu H et al (2009) A practical mandatory access control model for XML databases. Inf Sci 179:1116–1133

    Article  Google Scholar 

  45. Cirstea H et al (2009) Rewrite based specification of access control policies. In: Electronic notes in theoretical computer science, pp 37–54

  46. Kirchner C et al (2009) Analysis of rewrite based access control policies. In: Electronic notes in theoretical computer science, pp 55–75

  47. Collinson M et al. Algebra and logic for access control. In: Formal aspects computing, 2009

  48. He Q et al (2009) Requirements-based access control analysis and policy specification (ReCAPS). Inf Syst Technol 51:993–1009

    Google Scholar 

  49. Artale A et al (1994) A computational account for a description logic of time and action. In: Proceedings of the 4th international conference on the principle of knowledge representation and reasoning, pp 3–14

  50. Artale A et al (1998) A temporal description logic for reasoning about actions and plan. J Artif Intell Res 9:463–506

    MATH  MathSciNet  Google Scholar 

  51. Artale A et al (1999) Temporal ER modeling with description logics. In: Proceedings of the 18th conference on conceptual modeling (ER’99). LNCS, vol 1728. Springer, Berlin, pp 81–95

    Google Scholar 

  52. Artale A et al (2000) A survey of temporal extensions of description logics. Ann Math Artif Intell 1–4:171–210

    Article  MathSciNet  Google Scholar 

  53. Artale A et al (2001) Temporal description logics. In: Handbook of time and temporal reasoning in artificial intelligence. MIT Press, Cambridge

    Google Scholar 

  54. Bettini C (1997) Representation and reasoning using temporal description logics. Data Knowl Eng 22:1–38

    Article  MATH  Google Scholar 

  55. Harrison MA et al (1976) Protection in operating systems. Commun ACM 19(8, 22):461–471

    Article  MATH  Google Scholar 

  56. De Carolis B et al (2007) My map: generating personalized tourist descriptions. Appl Intell J 26(2):111–124

    Article  Google Scholar 

  57. Bennett B et al (2002) Multi-dimensional modal logic as framework for spatio-temporal reasoning. Appl Intell J 17(3):239–251

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Saad Dahlab University, Blida, Algeria

    Narhimene Boustia

  2. USTHB, Algiers, Algeria

    Aicha Mokhtari

Authors
  1. Narhimene Boustia
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Aicha Mokhtari
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Narhimene Boustia.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Boustia, N., Mokhtari, A. A dynamic access control model. Appl Intell 36, 190–207 (2012). https://doi.org/10.1007/s10489-010-0254-z

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10489-010-0254-z

Keywords

Search

Navigation