Abstract
Role Based Access Control (RBAC) is a methodology for granting users of an IT system specific permissions, such as write or read. It abstracts from specific users and binds permissions to user roles. Similarly, one can abstract from specific documents and bind permissions to document types.
In this paper, we apply Description Logics (DLs) to formalize RBAC. We provide a thorough discussion of the different possible interpretations of RBAC matrices and of how DLs can be used to capture the RBAC constraints. Moreover, we show that with DLs we can express more intended constraints than can be done in the common RBAC approach, thus proving the benefit of using DLs in the RBAC setting. For deriving additional constraints, we introduce a strict methodology based on the attribute exploration method known from Formal Concept Analysis. Attribute exploration makes it possible to systematically find unintended implications, derive constraints, and make them explicit. Finally, we apply our approach to a real-life example.
This research was funded by the German Federal Ministry of Economics and Technology under the promotional reference 01MQ07012 and the German Federal Ministry of Education and Research under grant number 01IA08001A.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dau, F., Knechtel, M. (2009). Access Policy Design Supported by FCA Methods. In: Rudolph, S., Dau, F., Kuznetsov, S.O. (eds) Conceptual Structures: Leveraging Semantic Technologies. ICCS 2009. Lecture Notes in Computer Science, vol 5662. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03079-6_11
DOI: https://doi.org/10.1007/978-3-642-03079-6_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03078-9
Online ISBN: 978-3-642-03079-6
eBook Packages: Computer Science, Computer Science (R0)