Abstract
Rule-Based RBAC (RB-RBAC) provides a mechanism to dynamically assign users to roles based on authorization rules defined by the security policy. RB-RBAC also introduces seniority levels for rules to express domination relationships among them. As a result, the relations among attribute expressions may be quite complex, and security officers may make incorrect or unintended assignments if they are not aware of the relations behind the authorization rules. We propose a formalization of RB-RBAC in description logic and develop a method for determining seniority relations based on description logic reasoning services. This method can determine seniority relations efficiently, even for rules that do not have identical syntactic structures.
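The following added example (not code from the paper) illustrates why seniority has to be decided by meaning rather than by syntax. It assumes the RB-RBAC convention that a rule is senior to another when its attribute expression implies the other's, and it replaces the description logic reasoner with exhaustive truth-table checking over constructed predicates and a constructed background axiom.

```python
from itertools import product

# Constructed background knowledge ("p implies q"), standing in for a DL TBox.
AXIOMS = [("age_ge_21", "age_ge_18")]

def atoms(e):
    """Atomic attribute predicates used in an attribute expression."""
    return {e} if isinstance(e, str) else set().union(*(atoms(s) for s in e[1:]))

def holds(e, world):
    """Evaluate an expression for one user description (atom -> bool)."""
    if isinstance(e, str):
        return world[e]
    op, *args = e
    if op == "not":
        return not holds(args[0], world)
    if op not in ("and", "or"):
        raise ValueError(f"unknown operator: {op}")
    vals = [holds(a, world) for a in args]
    return all(vals) if op == "and" else any(vals)

def implies(a, b, axioms=AXIOMS):
    """True if every user allowed by the axioms who satisfies a also satisfies b."""
    names = sorted(atoms(a) | atoms(b) | {x for ax in axioms for x in ax})
    for bits in product([False, True], repeat=len(names)):
        world = dict(zip(names, bits))
        if any(world[p] and not world[q] for p, q in axioms):
            continue  # user description contradicts the background knowledge
        if holds(a, world) and not holds(b, world):
            return False  # counterexample: satisfies a but not b
    return True

def seniority(ae_i, ae_j, axioms=AXIOMS):
    """Relation of rule i to rule j, judged by meaning rather than syntax."""
    fwd, back = implies(ae_i, ae_j, axioms), implies(ae_j, ae_i, axioms)
    if fwd and back:
        return "equivalent"
    return "senior" if fwd else "junior" if back else "unrelated"

# Constructed attribute expressions; r3 is r2 rewritten with De Morgan's law.
RULES = {
    "r1": ("and", "age_ge_21", "employee"),
    "r2": ("and", "age_ge_18", "employee"),
    "r3": ("not", ("or", ("not", "age_ge_18"), ("not", "employee"))),
    "r4": ("and", "age_ge_18", "contractor"),
}

if __name__ == "__main__":
    for i, j in [("r1", "r2"), ("r2", "r3"), ("r1", "r3"), ("r1", "r4")]:
        print(i, j, seniority(RULES[i], RULES[j]))
```

Passing `axioms=()` makes r1 and r2 come out as unrelated, which shows how a missing piece of domain knowledge hides a seniority relation from the policy author.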
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Xie, Q., Liu, D., Yu, H. (2006). Using Description Logic to Determine Seniority Among RB-RBAC Authorization Rules. In: Wang, GY., Peters, J.F., Skowron, A., Yao, Y. (eds) Rough Sets and Knowledge Technology. RSKT 2006. Lecture Notes in Computer Science, vol 4062. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11795131_88
DOI: https://doi.org/10.1007/11795131_88
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36297-5
Online ISBN: 978-3-540-36299-9
eBook Packages: Computer Science (R0)