
[1] Sun Xiaolin, Lu Zhengding, Li Ruixuan, Wang Zhigang, et al. Novel scheme to specify and integrate RBAC policy based on ontology [J]. Journal of Southeast University (English Edition), 2007, 23 (3): 394-398. [doi:10.3969/j.issn.1003-7985.2007.03.018]

Novel scheme to specify and integrate RBAC policy based on ontology
An ontology-based RBAC policy and integration method

Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]

Volume:
23
Issue:
2007 3
Page:
394-398
Research Field:
Computer Science and Engineering
Publishing date:
2007-09-30

Info

Title:
Novel scheme to specify and integrate RBAC policy based on ontology
An ontology-based RBAC policy and integration method
Author(s):
Sun Xiaolin, Lu Zhengding, Li Ruixuan, Wang Zhigang, Wen Kunmei
College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China
孙小林, 卢正鼎, 李瑞轩, 王治刚, 文坤梅
College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074
Keywords:
ontology; policy; role-based access control
PACS:
TP301
DOI:
10.3969/j.issn.1003-7985.2007.03.018
Abstract:
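To describe and integrate various policies applied in different domains, the definition of the family of OntoRBAC based on the ontology of a general role-based access control (RBAC) policy is proposed, which can support and extend the RBAC96 model. The uniform ontology-based description mechanism of secure policies is applied in OntoRBAC, which can be used to describe different secure policies in distributed systems and integrate policies at the semantic level with upper concepts. In addition, some rules have been defined to reason within the OntoRBAC to extend the inference algorithms in ontology, which makes the system accommodate itself to RBAC policies better.
To achieve a unified description and integration of security policies across different heterogeneous autonomous domains, an ontology-based mechanism for defining role-based access control policies, OntoRBAC, which supports the RBAC96 model, is proposed. Exploiting the generality of ontologies, the security policies of different heterogeneous systems are described uniformly, and the upper-level concept descriptions of the ontology are used to integrate different policies at the semantic level; on this basis, a family of ontology models for policy description is proposed. To support reasoning for access control decisions, OntoRBAC builds on rule definitions to extend the ontology inference algorithm, making it better suited to describing and reasoning about the RBAC policies of different autonomous domains.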

Memo:
Biographies: Sun Xiaolin (1980—), male, graduate; Lu Zhengding (corresponding author), male, professor, zdlu@hust.edu.cn.
Last Update: 2007-09-20