Abstract
Role based access control is one of the widely used access control models. There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis (FCA), description logics, and Ontology for representing access control mechanism. However, while using FCA, investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts. This transformation is mainly to derive the formal concepts, lattice structure and implications to represent role hierarchy and constraints of RBAC. In this work, we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts. Our discussion is on two lines of inquiry. We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.
Article PDF
Similar content being viewed by others
Avoid common mistakes on your manuscript.
References
SANDHU R S. Lattice-based access control models [J]. Computer, 1993, 26(11): 9–19.
SANDHU R, FERRAIOLO D, KUHN R. The NIST model for role-based access control: Towards a unified standard [C]// ACM Workshop on Role-based Access Control. Berlin: ACM Digital Library, 2000: 47–63.
FERRAIOLO D F, SANDHU R, GAVRILA S, KHUN D R, CHANDRAMOULI R. Proposed NIST standard for role-based access control [J]. ACM Transactions on Information and System Security, 2001, 4(3): 224–274.
BISHOP M. Introduction to computer security [M]. Boston: Addison-Wesley, 2005: 26–64.
FADHEL A B, BIANCULLI D, BRIAND L. A comprehensive modeling framework for role-based access control policies [J]. Journal of Systems and Software, 2015, 107: 110–126.
MARTÍNEZ-GARCÍA C, NAVARRO-ARRIBA G, BORRELL J. Fuzzy role-based access control [J]. Information Processing Letters, 2011, 111(10): 483–487.
HUANG H, SHANG F, LIU J. Handling least privilege problem and role mining in RBAC [J]. Journal of Combinatorial Optimization, 2013, 30(1): 1–24.
KIM S, KIM D K, LU L, KIM S, PARK S. A feature-based approach for modeling role-based access control systems [J]. Journal of Systems and Software, 2011, 84(12): 2035–2052.
ZHAO C, HEILILI N, LIU S, LIN Z. Representation and reasoning on rbac: A description logic approach [C]// Intel Colloquium on Theoretical Aspects of Computing. Hanoi: Springer Berlin Heidelberg, 2005, 3722: 381–393.
CHAE J. Modeling of the role-based access control policy with constraints using description logic [C]// Intel Conference on Computational Science and its Applications. Kuala Lumpur: Springer Berlin Heidelberg, 2007, 4705: 500–511.
ZHANG R, ARTALE A, GIUNCHIGLIA F, CRISPO B. Using description logics in relation based access control [R]. Italy: University of Trento, 2009.
BERTINO E, FERRARI E, ATLURI V. The specification and enforcement of authorization constraints in workflow management systems [J]. ACM Transactions on Information and System Security, 1999, 2(1): 65–104.
THION R, COULONDRE S. Representation and reasoning on role-based access control policies with conceptual graphs [C]// Intel Conference on Conceptual Structures. Denmark: Springer Berlin Heidelberg, 2006, 4068: 427–440.
CHOI C, CHOI J, KIM P. Ontology-based access control model for security policy reasoning in cloud computing [J]. The Journal of Supercomputing, 2014, 67(3): 711–722.
KNECHTEL M. Access restrictions to and with description logic web ontologies [D]. Dresden: Technische Universität Dresden, 2011.
MOULISWARAN S C, KUMAR C A, CHANDRASEKAR C. Inter-domain role based access control using ontology [C]// IEEE Intel Conference on Advances in Computing, Communications and Informatics. Kochi: IEEE Press, 2015: 2027–2032.
KUMAR C. Designing role-based access control using formal concept analysis [J]. Security and Communication Networks, 2013, 6(3): 373–383.
JIAO S, LIU Y, HU H, WEI D, ZHANG Y. Dynamic policy access model based on formal concept analysis [C]// IEEE Intel Conference on Wireless Communications, Networking and Mobile Computing. Dalian: IEEE Press, 2008: 1–5.
SELLAMI M, GAMMOUDI M M, HACI M S. Secure data integration: A formal concept analysis based approach [C]// Intel Conference on Database and Expert Systems Applications. Munich: Springer International Publishing, 2014, 8645: 326–333.
KUMAR C A, SINGH P K. Knowledge representation using formal concept analysis: A study on concept generation [M]// Global Trends in Intelligent Computing Research and Development. IGI Global, 2013: 306–336.
WILLE R. Conceptual graphs and formal concept analysis [C]// Intel Conference on Conceptual Structures. Washington: Springer Berlin Heidelberg, 1997, 1257: 290–303.
STUMME G. Formal concept analysis [M]// Handbook on Ontologies. Springer Science & Business Media, 2013: 177–179.
POELMANS J, KUZNETSOV S O, IGNATOV D I, DEDENE G. Formal concept analysis in knowledge processing: A survey on models and techniques [J]. Expert Systems with Applications, 2013, 40(16): 6601–6623.
KUMAR C A, SRINIVAS S. Concept lattice reduction using fuzzy K-Means clustering [J]. Expert Systems with Applications, 2010, 37(3): 2696–2704.
OBIEDKOV S, KOURIE D G, ELOFF J H. Building access control models with attribute exploration [J]. Computers & Security, 2009, 28(1/2): 2–7.
SOBIESKI Ś, ZIELIŃSKI B. Modelling role hierarchy structure using the formal concept analysis [J]. Annales UMCS Sectio AI Informatica, 2010, 10(2): 143–159.
HAN D J, ZHUO H K, XIA L T, LI L. Permission and role automatic assigning of user in role-based access control [J]. Journal of Central South University, 2012, 19(4): 1049–1056.
KUMAR C A. Modeling access permissions in role based access control using formal concept analysis [C]// Intel Conference on Information Processing. Bangalore: Springer Berlin Heidelberg, 2012, 292: 578–583.
LEHMANN F, WILLE R. A triadic approach to formal concept analysis [C]// Intel Conference on Conceptual Structures. Santa Cruz: Springer Berlin Heidelberg, 1995, 954: 32–43.
WILLE R. The basic theorem of triadic concept analysis [J]. Order, 1995, 12(2): 149–158.
DAU F, WILLE R. On the modal understanding of triadic contexts [C]// Annual Conference on Classification and Information Processing at the Turn of the Millennium. University of Bielefeld: Springer Berlin Heidelberg, 2000: 83–94.
GANTER B, OBIEDKOV S. Implications in triadic formal contexts [C]// Intel Conference on Conceptual Structures. Huntsville, USA: Springer Berlin Heidelberg, 2004, 3127: 186–195.
IGNATOV D I, GNATYSHAK D V, KUZNETSOV S O, MIRKIN B G. Triadic formal concept analysis and triclustering: searching for optimal patterns [J]. Machine Learning, 2015, 101(1): 1–32.
KAYTOUE M, KUZNETSOV S O, MACK J, NAPOLI A. Biclustering meets triadic concept analysis [J]. Annals of Mathematics and Artificial Intelligence, 2014, 70(1): 55–79.
GLODEANU C V. Fuzzy-valued triadic implications [C]// Intel Conference on Concept Lattices and their Applications. Nancy, France: CLA, 2011: 159–173.
SANDHU R. Role hierarchies and constraints for lattice-based access controls [C]// European Symposium on Research in Computer Security. Rome: Springer Berlin Heidelberg, 1996, 1146: 65–79.
KUGBLENU F M, ASIM M. Separation of duty in role based access control system: A case study [D]. Sweden: Blekinge Institute of Technology, 2007.
CHEN L. Analysing and developing role-based access control models [D]. London: Department of Mathematics Royal Holloway, University of London, 2011.
KUHN D R, COYNE E J, WEIL T R. Adding attributes to role-based access control [J]. Computer, 2010, 43(6): 79–81.
COYNE E, WEIL T R. ABAC and RBAC: Scalable, flexible, and auditable access management [J]. IT Professional, 2013, 15(3): 14–16.
UNAL D, ÇAGLAYAN M U. A formal role-based access control model for security policies in multi-domain mobile networks [J]. Computer Networks, 2013, 57(1): 330–350.
JASCHKE R, HOTHO A, SCHMITZ C, GANTER B, STUMME G. TRIAS−An algorithm for mining iceberg tri-lattices [C]// IEEE Intel Conference on Data Mining. Hong Kong: ICDM, 2006: 907–911.
KONECNY J, OSICKA P. General approach to triadic concept analysis [J]. Society for Industrial and Applied Mathematics Review, 2009, 51(3): 455–500.
STUMME G. A finite state model for on-line analytical processing in triadic contexts [C]// Intel Conference on Formal Concept Analysis. Lens, France: Springer Berlin Heidelberg, 2005, 3403: 315–328.
MOULISWARAN S C, KUMAR C A, CHANDRASEKAR C. Modeling Chinese wall access control using formal concept analysis [C]// IEEE Intel Conference on Contemporary Computing and Informatics. Mysore: IEEE Press, 2014: 811–816.
MOULISWARAN S C, KUMAR C A, CHANDRASEKAR C. Representation of multiple domain role based access control using FCA [C]// IEEE Intel Conference on Electrical, Computer and Communication Technologies. Coimbatore: IEEE Press, 2015, 2: 797–799.
SUBRAMANIAN C, CHERUKURI A K, CHELLIAH C. Modeling fuzzy role based access control using fuzzy formal concept analysis [C]// Intel Symposium on Security in Computing and Communications. Kochi: Springer International Publishing, 2015, 536: 176–185.
TANG Ya-qiang, FAN Min, LI Jin-hai. An information fusion technology for triadic decision contexts [J]. Intel Journal of Machine Learning and Cybernetics, 2016, 7(1): 13–24.
POELMANS J, IGNATOV D I, KUZNETSOV S O, DEDENE G. Formal concept analysis in knowledge processing: A survey on applications [J]. Expert systems with applications, 2013, 40(16): 6538–6560.
CH A K, DIAS S M, VIEIRA N J. Knowledge reduction in formal contexts using non-negative matrix factorization [J]. Mathematics and Computers in Simulation, 2015, 109: 46–63.
KUMAR C A, ISHWARYA M S, LOO C K. Formal concept analysis approach to cognitive functionalities of bidirectional associative memory [J]. Biologically Inspired Cognitive Architectures, 2015, 12: 20–33.
KUMAR C A. Fuzzy clustering-based formal concept analysis for association rules mining [J]. Applied Artificial Intelligence, 2012, 26(3): 274–301.
BELOHLAVEK R, OSICKA P. Triadic concept lattices of data with graded attributes [J]. International Journal of General Systems, 2012, 41(2): 93–108.
BELOHLAVEK R, OSICKA P. Triadic concept analysis of data with fuzzy attributes [C]// IEEE Intel Conference on Granular Computing (GrC). San Jose: IEEE Press, 2010: 661–665.
BELOHLAVEK R, OSICKA P. Triadic fuzzy Galois connections as ordinary connections [J]. Fuzzy Sets and Systems, 2014, 249: 83–99.
ZHUK R, IGNATOV D I, KONSTANTINOVA N. Concept learning from triadic data [C]// Intel Conference on Information Technology and Quantitative Management. Moscow: Procedia Computer Science, 2014, 31: 928–938.
VOUTSADAKIS G. Polyadic concept analysis [J]. Order, 2002, 19(3): 295–304.
TANG Ya-qiang, FAN Min, LI Jin-hai. Cognitive system model and approach to transformation of information granules under triadic formal concept analysis [J]. Journal of Shandong University (Natural Science), 2014, 49(8): 102–106.
GAJDOŠ P, RADECKÝ M. MAS development and its analysis based on FCA [R]. Ostrava-Poruba: Technical University of Ostrava.
SHIVHARE R, CHERUKURI A K. Three-way conceptual approach for congnitive memory functionalities [J]. International Journal of Machine Learning and Cybernetics, 2016: 1–14.
Acknowledgement
One of the authors, Ch. Aswani Kumar, sincerely acknowledges the financial support from Department of Science and Technology, Government of India under the grant: SR/CSRI/118/2014.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kumar, C.A., Mouliswaran, S.C., Li, Jh. et al. Role based access control design using triadic concept analysis. J. Cent. South Univ. 23, 3183–3191 (2016). https://doi.org/10.1007/s11771-016-3384-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11771-016-3384-6