Proceedings ArticleDOI

Inter-domain role based access control using ontology

TL;DR: This paper proposes a procedure to transform the access permission matrix of multiple domain environments into an inter-domain access control ontology and shows that it is possible to formalize an ontology for the access permissions of an inter-domain security policy without any conflicts in terms of inter-domain roles, services and domains in multiple domain environments.
Abstract: There are several access control models available for multiple domain environments. Applying role based access control to inter-domain services of a multiple domain environment meets challenges such as mapping of the inter-domain role hierarchy and separation of duty constraints on role conflict, service conflict and location conflict. In recent times, ontology based access control has been introduced for various domains of interest. The main purpose of this paper is representing inter-domain access permissions of multiple domain environments using ontology, which is the formal and explicit representation of a domain of interest through its concepts and their associations. To attain this objective, we propose a procedure to transform the access permission matrix of multiple domain environments into an inter-domain access control ontology. The implementation shows that it is possible to formalize an ontology for the access permissions of an inter-domain security policy without any conflicts in terms of inter-domain roles, services and domains in multiple domain environments.
Citations
Journal ArticleDOI
TL;DR: This paper studies and categorizes the existing ontologies based on the fundamental ontological concepts required for annotating different aspects of data collection and data access in an IoT application, identifying these concepts by answering the 4Ws (What, When, Who, Where) and 1H (How) of the 4W1H methodology.
Abstract: IoT systems are now being deployed worldwide to sense phenomena of interest. The existing IoT systems are often independent, which limits the use of sensor data to only one application. Semantic solutions have been proposed to support the reuse of sensor data across IoT systems and applications. This allows the integration of IoT systems for increased productivity by solving challenges associated with their interoperability and heterogeneity. Several ontologies have been proposed to handle different aspects of sensor data collection in IoT systems, ranging from sensor discovery to applying reasoning on collected sensor data for drawing inferences. In this paper, we study and categorize the existing ontologies based on the fundamental ontological concepts (e.g., sensors, context, location, and so on) required for annotating different aspects of data collection and data access in an IoT application. We identify these fundamental concepts by answering the 4Ws (What, When, Who, Where) and 1H (How) identified using the 4W1H methodology.

21 citations


Cites background from "Inter-domain role based access cont..."

  • ...[80] proposed to convert a matrix containing permissions (rows with subjects and columns with...

    [...]

Journal ArticleDOI
TL;DR: Three-way formal concept analysis (3WCA) is presented, showing how 3WCA can provide a suitable representation of RBAC policy and whether this representation follows the role hierarchy and constraints of RBAC.
Abstract: Role based access control (RBAC) is one of the popular access control models. On representing the policy behind RBAC, the literature investigates the use of various knowledge representation techniques such as Description logics, Formal Concept Analysis (FCA), Ontology etc. Based on the input of a binary access control table, the existing knowledge representation techniques on RBAC derive two-way decisions on whether to permit the access request or not. This works well when a single element in the set of elements of a constituent of RBAC initiates the access request. Consider the scenario where multiple distinct elements in the set of elements of a constituent of RBAC initiate a collective access request to a set of elements in another constituent of RBAC. In many cases of this scenario, some but not all of the elements possess the permission to access all elements in the other subset of a constituent of RBAC. In this situation, the collective access decision for those multiple distinct elements in the set of elements of an RBAC constituent appears in three forms: permit, deny and non-commitment. Three-way formal concept analysis (3WCA) is an emerging knowledge representation technique which provides two types of three-way concepts and their lattices to enable three-way decisions from a binary information table. At this juncture, it is more suitable to apply 3WCA to representing the RBAC policy to enable three-way decisions instead of the existing two-way decisions in classical FCA and triadic FCA. The main objective of this paper is to propose a methodology for modelling RBAC using 3WCA and attain its distinctive merits. Our discussion is on two lines of inquiry. We present how 3WCA can provide a suitable representation of RBAC policy and whether this representation follows the role hierarchy and constraints of RBAC.

19 citations

Proceedings ArticleDOI
01 May 2017
TL;DR: This paper evaluated the proposal by implementing a prototype to provide support for SRA, based on RESTful web services and standardized specifications such as XACML and OpenID Connect, with SRA showing better results when compared to traditional role activation.
Abstract: Organizations establish partnerships in order to achieve a strategic goal. In many cases, resources in a given organization are accessed from external domains, characterizing multi-domain operations. This paper presents an approach to perform role activation in multi-domain environments. The active roles are imported in other domains from a user's home domain. Thus, a Single Role Activation (SRA) is performed, similarly to Single Sign-On (SSO) authentication. The administrative autonomy to define each role permission is kept within each local domain. We evaluated the proposal by implementing a prototype to provide support for SRA, based on RESTful web services and standardized specifications such as XACML and OpenID Connect. The prototype evaluation measured response time for simultaneous access requests, with SRA showing better results when compared to traditional role activation. Furthermore, from a security perspective, the proposal is about 15 times faster than traditional approaches.

7 citations


Cites methods from "Inter-domain role based access cont..."

  • ...[21] presented a model using Formal Concept Analysis (FCA) to represent the access permissions that a role has in different domains....

    [...]

Journal ArticleDOI
TL;DR: This study provides a new approach based on ontology, data mining, and automatic discovering algorithms for the relationships with different degrees for the edges among the concepts, which is effective for construction materials recommendation.
Abstract: Products and web pages are the main components of the e-commerce data knowledge, and the relationship among them is an important issue to be highly considered in recommender systems. This study aims to focus on the similarity and complementarity relationships among the products that have wide applications in the recommender systems. In the previously proposed methods, products and their relationships were revealed using taxonomy and the “IS-A” relationship. In addition, the similarity and complementarity calculations were conducted based on edge computation by assigning a similar degree to any edge. More specifically, the children of a concept in the taxonomy were supported by a similar father’s “IS-A” degree. In contrast, this study provides a new approach based on ontology, data mining, and automatic discovering algorithms for the relationships with different degrees for the edges among the concepts. Accordingly, these relationships are initialised according to the “IS-A” degree. With regard to this weighted

5 citations

Journal ArticleDOI
TL;DR: This work proposes a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts and presents how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.
Abstract: Role based access control is one of the widely used access control models. There are investigations in the literature that use knowledge representation mechanisms such as formal concept analysis (FCA), description logics, and Ontology for representing access control mechanism. However, while using FCA, investigations reported in the literature so far work on the logic that transforms the three dimensional access control matrix into dyadic formal contexts. This transformation is mainly to derive the formal concepts, lattice structure and implications to represent role hierarchy and constraints of RBAC. In this work, we propose a methodology that models RBAC using triadic FCA without transforming the triadic access control matrix into dyadic formal contexts. Our discussion is on two lines of inquiry. We present how triadic FCA can provide a suitable representation of RBAC policy and we demonstrate how this representation follows role hierarchy and constraints of RBAC on sample healthcare network available in the literature.

3 citations

References
Journal ArticleDOI
TL;DR: This article explains why RBAC is receiving renewed attention as a method of security administration and review, describes a framework of four reference models developed to better understand RBAC, and discusses the use of RBAC to manage itself.
Abstract: Security administration of large systems is complex, but it can be simplified by a role-based access control approach. This article explains why RBAC is receiving renewed attention as a method of security administration and review, describes a framework of four reference models developed to better understand RBAC and categorizes different implementations, and discusses the use of RBAC to manage itself.

5,418 citations


"Inter-domain role based access cont..." refers methods in this paper

  • ...It provides an alternate for traditional access control models such as MAC and DAC [10]....

    [...]

Journal ArticleDOI
TL;DR: Temporal-RBAC (TRBAC), an extension of the RBAC model, is introduced, which supports periodic role enabling and disabling, and temporal dependencies among such actions, expressed by means of role triggers.
Abstract: Role-based access control (RBAC) models are receiving increasing attention as a generalized approach to access control. Roles may be available to users at certain time periods, and unavailable at others. Moreover, there can be temporal dependencies among roles. To tackle such dynamic aspects, we introduce Temporal-RBAC (TRBAC), an extension of the RBAC model. TRBAC supports periodic role enabling and disabling---possibly with individual exceptions for particular users---and temporal dependencies among such actions, expressed by means of role triggers. Role trigger actions may be either immediately executed, or deferred by an explicitly specified amount of time. Enabling and disabling actions may be given a priority, which is used to solve conflicting actions. A formal semantics for the specification language is provided, and a polynomial safeness check is introduced to reject ambiguous or inconsistent specifications. Finally, a system implementing TRBAC on top of a conventional DBMS is presented.

769 citations

Proceedings ArticleDOI
26 Jul 2000
TL;DR: Temporal-RBAC (TRBAC), an extension of the RBAC model, supports both periodic activations and deactivations of roles, and temporal dependencies among such actions, expressed by means of role triggers.
Abstract: Role-based access control (RBAC) models are receiving increasing attention as a generalized approach to access control. Roles can be active at certain time periods and non-active at others; moreover, there can be activation dependencies among roles. To tackle such dynamic aspects, we introduce Temporal-RBAC (TRBAC), an extension of the RBAC model. TRBAC supports both periodic activations and deactivations of roles, and temporal dependencies among such actions, expressed by means of role triggers, whose actions may be either executed immediately, or be deferred by an explicitly specified amount of time. Both triggers and periodic activations/deactivations may have a priority associated with them, in order to resolve conflicting actions. A formal semantics for the specification language is provided, and a polynomial safeness check is introduced to reject ambiguous or inconsistent specifications. Finally, an implementation architecture is outlined.

321 citations


"Inter-domain role based access cont..." refers methods in this paper

  • ...Shafiq et al [4] have applied RBAC policies for the secure interoperation in multiple domain environments....

    [...]

  • ...Aswani Kumar [13] has demonstrated the design of RBAC for health care ad-hoc network....

    [...]

  • ...The literature shows that RBAC is the widely accepted and efficient access control model for implementing security policies [6, 8]....

    [...]

  • ...Wu et al [5] have played an important role in specifying the RBAC constraints using web ontology language (OWL)....

    [...]

  • ...Several new RBAC models have been introduced by extending the RBAC....

    [...]

Proceedings ArticleDOI
11 Jun 2008
TL;DR: Two different ways to support the NIST Standard RBAC model in OWL are shown and how the OWL constructions can be extended to model attribute-based RBAC or more generally attribute- based access control are discussed.
Abstract: There have been two parallel themes in access control research in recent years. On the one hand there are efforts to develop new access control models to meet the policy needs of real world application domains. In parallel, and almost separately, researchers have developed policy languages for access control. This paper is motivated by the consideration that these two parallel efforts need to develop synergy. A policy language in the abstract without ties to a model gives the designer little guidance. Conversely a model may not have the machinery to express all the policy details of a given system or may deliberately leave important aspects unspecified. Our vision for the future is a world where advanced access control concepts are embodied in models that are supported by policy languages in a natural intuitive manner, while allowing for details beyond the models to be further specified in the policy language. This paper studies the relationship between the Web Ontology Language (OWL) and the Role Based Access Control (RBAC) model. Although OWL is a web ontology language and not specifically designed for expressing authorization policies, it has been used successfully for this purpose in previous work. OWL is a leading specification language for the Semantic Web, making it a natural vehicle for providing access control in that context. In this paper we show two different ways to support the NIST Standard RBAC model in OWL and then discuss how the OWL constructions can be extended to model attribute-based RBAC or more generally attribute-based access control. We further examine and assess OWL's suitability for two other access control problems: supporting attribute based access control and performing security analysis in a trust-management framework.

231 citations


"Inter-domain role based access cont..." refers background or methods in this paper

  • ...Finin et al [6] have provided the possible ways to use NIST standard role based access control....

    [...]

  • ...The literature shows that RBAC is the widely accepted and efficient access control model for implementing security policies [6, 8]....

    [...]

Journal ArticleDOI
TL;DR: This paper proposes a policy integration framework for merging heterogeneous role-based access control policies of multiple domains into a global access control policy, and proposes an integer programming (IP)-based approach for optimal resolution of conflicts.
Abstract: Multidomain application environments where distributed multiple organizations interoperate with each other are becoming a reality as witnessed by emerging Internet-based enterprise applications. Composition of a global coherent security policy that governs information and resource accesses in such environments is a challenging problem. In this paper, we propose a policy integration framework for merging heterogeneous role-based access control (RBAC) policies of multiple domains into a global access control policy. A key challenge in composition of this policy is the resolution of conflicts that may arise among the RBAC policies of individual domains. We propose an integer programming (IP)-based approach for optimal resolution of such conflicts. The optimality criterion is to maximize interdomain role accesses without exceeding the autonomy losses beyond the acceptable limit.

218 citations


"Inter-domain role based access cont..." refers methods in this paper

  • ...Shafiq et al [4] have applied RBAC policies for the secure interoperation in multiple domain environments....

    [...]

  • ...Shafiq et al [4] have introduced an integer programming based strategy to resolve conflicts in inter-operation of RBAC models....

    [...]