Design and implementation of context-aware RBAC model based on reasoning

doi:10.3785/j.issn.1008973X.2009.

2009, Vol. 43

Issue (09): 1609-1614 DOI: 10.3785/j.issn.1008973X.2009.

Design and implementation of context-aware RBAC model based on reasoning

JIANG Jie^{1, 2}, ZHANG Jie², CHEN De-ren¹

(1.College of Computer Science and Technology, Zhejiang University, Hangzhou 310027, China;
2. College of Software, Zhejiang University of Technology, Hangzhou 310014, China)

Download:

PDF(711KB) HTML
Export: BibTeX | EndNote (RIS)

Abstract

An extended context-aware role based access control (RBAC) based on reasoning (RC-RBAC) model was proposed by integrating the single contextaware RBAC and reasoning-based RBAC in order to solve the problems of the absence of the adjustment and generation of the context-aware condition dynamically and the incapacity of updating the user authorization according to the adjusted constrain conditions in the existing RBAC. The extended model used the rule reasoning to adjust and generate the context constrains dynamically and start the common sensors and the self-defined sensors to collect the attribute values of the conditions. The access permission to the sensitive data was updated in real time based on the context-aware logic reasoning using the user rules and permission rules. The application results show that the extended RC-RBAC model can be employed in the distributed environment to satisfy the need of the dynamic authorization and reduce the realtime access control management complexity．

CLC:

TP 309.2

	Service
	E-mail this article
	Add to my bookshelf
	Add to citation manager
	E-mail Alert
	RSS
	Articles by authors

Cite this article:

JIANG Jia, ZHANG Jie, CHEN De-Ren. Design and implementation of context-aware RBAC model based on reasoning. J4, 2009, 43(09): 1609-1614.

URL:

http://www.zjujournals.com/eng/10.3785/j.issn.1008973X.2009. OR http://www.zjujournals.com/eng/Y2009/V43/I09/1609

基于推理的上下文感知RBAC模型设计和实现

为了解决现有基于角色的访问控制（RBAC）模型缺乏对上下文约束条件的动态调整和生成,无法根据调整后的感知条件对用户权限实时进行调节的问题,在融合上下文感知RBAC模型和基于推理的RBAC模型基础上,提出了基于推理的上下文感知RBAC扩展模型.该扩展模型采用逻辑推理方法实现了上下文约束条件的动态调整,启用相应的公共感知器和自定义感知器感知约束条件的属性值；利用感知获得的动态上下文值进行角色和权限规则的推理,实现了访问主体对客体控制权限的实时更新.应用实例表明,该模型能提高分布式环境中用户动态访问控制的灵活性,并降低实时访问控制管理的复杂度．

［1］SANDHU R S,COYNE E J,FEINSTEIN H L, et al. Rolebased access control models［J］.IEEE Computer,1996,29(2):3847．
［2］ FERRAIOLO D, SANDHU R, GAVRILA S, et al. Proposed NIST standard for rolebased access control ［J］.ACM Transactions on Information and System Security,2001, 4(3):224274．
［3］ WAINER J, KUMAR A, BARTHELMESS P. DWRBAC: a formal security model of delegation and revocation in workflow systems［J］. Information Systems, 2007,32(3):365384．
［4］ BACON J, YAO W, MOODY K. A model of oasis rolebased access control and its support for active security ［J］.ACM Transactions on Information and System Security, 2002, 5(4):492540．
［5］ SANDHU R S, PARK J S, AHN G J. Rolebased access control on the Web ［J］. ACM Transactions on Information and Systems Security, 2001, 4(1):3771．
［6］NEUMANN G, STREMBECK M A. Scenariodriven role engineering process for functional RBAC roles［C］∥Proceedings of 7th ACM Symposium on Access Control Models and Technologies. Monterey: ACM, 2002:3342．
［7］STREMBECK M, NEUMANN G. An integrated approach to engineer and enforce context constraints in RBAC environments ［J］.ACM Transactions on Information and System Security, 2004, 7(3):392427．
［8］ZHANG G, PARASHAR M. Dynamic contextaware access control for grid applications［C］∥ Proceedings of 4th International Workshop on Grid Computing. Phoenix:IEEE,2003:101108．
［9］ZHANG L H, AHN G J, CHU B T. A rulebased framework for rolebased delegation and revocation ［J］.ACM Transactions on Information and System Security, 2003, 6(3):404441.
［10］ALKAHTANI M A, SANDHU R. Rulebased RBAC with negative authorization［C］ ∥20th Annual Computer Security Applications Conference. Tucson, Arizona: IEEE, 2004:405415．
［11］BERTINO E, CATANIA B, FERRARI E, et al. A logical framework for reasoning about access control models ［J］. ACM Transactions on Information and System Security, 2003, 6(1):71127．
［12］CRAMPTON J. Constraints: specifying and enforcing constraints in rolebased access control［C］∥Proceedings of the 8th ACM Symposium on Access Control Models and Technologies. Como: ACM, 2003:4350．
［13］CALVANESE D, GIACOMO G D, LENZERINI M. Representing and reasoning on XML documents: a description logic approach ［J］.Journal of Logic and Computation, 1999, 9(3):295318．
［14］COLMERAUER A. An introduction to Prolog III ［J］. Communications of the ACM, 1990, 33(7): 6990．
［15］ HEILILI N, CHEN Y, ZHAO C, et al. An OWLbased approach for RBAC with negative authorization ［C］∥ Knowledge Science, Engineering and Management. Guilin, China: Springer, 2006:164175．

[1]	CHEN Ke, HU Tian-lei, CHEN Gang. Fast trust chain search in role-based credential overlay network[J]. J4, 2010, 44(12): 2241-2250.

[2]	MA Chen-hua, WANG Jing, QIU Jiong, LU Guo-dong. Flexible context-constraint-based access control model for workflows[J]. J4, 2010, 44(12): 2297-2308.

[3]	TU Li-Hua, CHEN Gang, WANG Wei, CHEN Ke, DONG Jin-Xiang. Containerbased self-organizing storage model[J]. J4, 2010, 44(5): 915-922.

[4]	CHEN Ke, SHAO Feng, CHEN Gang, et al. Accelerating XML structural matching using bitmap filtration[J]. J4, 2009, 43(09): 1549-1556.

Viewed

Full text

Abstract

Cited

Shared

Discussed