Proceedings ArticleDOI

Modeling Chinese wall access control using formal concept analysis

TL;DR: The main objective is to model the Chinese wall access control policy using formal concept analysis, which extends and restructures lattice theory. The analysis confirms that the proposed method satisfies the constraints of the Chinese wall security policy and its properties, such as simple security and the *-property.
Abstract: Chinese wall access control (CWAC) is a well-known and suitable access control model for secured sharing of commercial consultancy services. It is to avoid the information flow which causes conflict of interest for every individual consultant in these services. The main objective is to model the Chinese wall access control policy using formal concept analysis, which extends and restructures lattice theory. To attain this goal, we develop a formal context in the security aspects of Chinese wall access permissions. We experiment with the proposed method in a common commercial consultancy service sharing scenario. The analysis results confirm that the proposed method satisfies the constraints of the Chinese wall security policy and its properties, such as simple security and the *-property.
Citations
Journal ArticleDOI
TL;DR: The paper presents how three-way formal concept analysis (3WCA) can provide a suitable representation of RBAC policy and whether this representation follows the role hierarchy and constraints of RBAC.
Abstract: Role based access control (RBAC) is one of the popular access control models. For representing the policy behind RBAC, the literature investigates the use of various knowledge representation techniques such as description logics, formal concept analysis (FCA), ontology, etc. Based on the input of a binary access control table, the existing knowledge representation techniques for RBAC derive two-way decisions on whether to permit the access request or not. This works well when a single element in the set of elements of a constituent of RBAC initiates the access request. Consider the scenario where multiple distinct elements in the set of elements of a constituent of RBAC initiate a collective access request to a set of elements in another constituent of RBAC. In many cases of this scenario, some but not all of the elements possess the permission to access all elements in the other subset of a constituent of RBAC. In this situation, the collective access decision for those multiple distinct elements in the set of elements of an RBAC constituent appears in three forms: permit, deny and non-commitment. Three-way formal concept analysis (3WCA) is an emerging knowledge representation technique which provides two types of three-way concepts and their lattices to enable three-way decisions from the binary information table. At this juncture, it is more suitable to apply 3WCA to representing the RBAC policy to enable three-way decisions instead of the existing two-way decisions in classical FCA and triadic FCA. The main objective of this paper is to propose a methodology for modelling RBAC using 3WCA and attain its distinctive merits. Our discussion is on two lines of inquiry. We present how 3WCA can provide a suitable representation of RBAC policy and whether this representation follows the role hierarchy and constraints of RBAC.

19 citations

Proceedings ArticleDOI
28 Sep 2015
TL;DR: This paper proposes a procedure to transform the access permission matrix of multiple domain environments into an inter-domain access control ontology and shows that it is possible to formalize an ontology for access permission of inter-domain security policy without any conflicts in terms of inter-domain roles, services and domains in multiple domain environments.
Abstract: There are several access control models available for multiple domain environments. Applying role based access control to inter-domain services of a multiple domain environment meets challenges such as mapping of the inter-domain role hierarchy and separation of duty constraints on role conflict, service conflict and location conflict. In recent times, ontology based access control has been introduced for various domains of interest. The main purpose of this paper is to represent inter-domain access permissions of multiple domain environments using an ontology, which is the formal and explicit representation of a domain of interest through its concepts and their associations. To attain this objective, we propose a procedure to transform the access permission matrix of multiple domain environments into an inter-domain access control ontology. The implementation shows that it is possible to formalize an ontology for access permission of inter-domain security policy without any conflicts in terms of inter-domain roles, services and domains in multiple domain environments.

12 citations


Cites methods from "Modeling Chinese wall access contro..."

  • ...In our own research, we have modelled the Chinese wall access control using formal concept analysis [15]....

    [...]

Journal ArticleDOI
TL;DR: A new method called HSSM-based ontology merging using formal concept analysis (FCA) and semantic similarity measure is proposed and used to merge the academic social network ontologies.
Abstract: The purpose of this paper is to merge the ontologies that remove the redundancy and improve the storage efficiency. The count of ontologies developed in the past few eras is noticeably very high. With the availability of these ontologies, the needed information can be smoothly attained, but the presence of comparably varied ontologies nurtures the dispute of rework and merging of data. The assessment of the existing ontologies exposes the existence of the superfluous information; hence, ontology merging is the only solution. The existing ontology merging methods focus only on highly relevant classes and instances, whereas somewhat relevant classes and instances have been simply dropped. Those somewhat relevant classes and instances may also be useful or relevant to the given domain. In this paper, we propose a new method called hybrid semantic similarity measure (HSSM)-based ontology merging using formal concept analysis (FCA) and semantic similarity measure. The HSSM categorizes the relevancy into three classes, namely highly relevant, moderate relevant and least relevant classes and instances. To achieve high efficiency in merging, HSSM performs both FCA part and the semantic similarity part. The experimental results proved that the HSSM produced better results compared with existing algorithms in terms of similarity distance and time. An inconsistency check can also be done for the dissimilar classes and instances within an ontology. The output ontology will have set of highly relevant and moderate classes and instances as well as few least relevant classes and instances that will eventually lead to exhaustive ontology for the particular domain. In this paper, a HSSM method is proposed and used to merge the academic social network ontologies; this is observed to be an extremely powerful methodology compared with other former studies. This HSSM approach can be applied for various domain ontologies and it may deliver a novel vision to the researchers. The HSSM is not applied for merging the ontologies in any former studies up to the knowledge of authors.

10 citations

Book ChapterDOI
10 Aug 2015
TL;DR: The objective of this paper is to propose a model representing FRBAC in the form of FFCA; the initial results show that the proposed model could implement the major features of RBAC.
Abstract: Role based access control (RBAC) is the widely accepted and used access control model. However, mapping among the sets of users, roles and permissions in RBAC is a major challenge. This leads to errors in practical applications. Incorporating human decisions on the mappings of RBAC could resolve this issue. But, in real time, human decisions are fuzzy in nature. So, fuzzy techniques can be incorporated into RBAC through fuzzy role based access control (FRBAC). Fuzzy formal concept analysis (FFCA) is a mathematical model for the representation of uncertain information in the form of a formal context. However, to the best of our knowledge, there are no works on modelling fuzzy RBAC through fuzzy FCA. The objective of this paper is to propose a model representing FRBAC in the form of FFCA. The initial results of our experiments show that the proposed model could implement the major features of RBAC.

7 citations


Cites methods from "Modeling Chinese wall access contro..."

  • ...Chinese wall security policy has been modeled using formal concept analysis [28]....

    [...]

Journal ArticleDOI
TL;DR: A methodology that allows the security administrator to derive a set of queries that, combined, could disclose sensitive information and a run-time solution for neutralizing all suspicious queries while ensuring a trade-off between data protection and data availability is proposed.
Abstract: Specifying a global access control policy in a data integration system using traditional methods does not necessarily offer a sound and efficient solution to deal with the inference problem. This is because data dependencies (between distributed data sets) are not taken into account when local policies are defined. In this paper, we propose a methodology, together with a set of algorithms, that can help to efficiently detect inferences by considering semantic constraints. The proposed approach is based on formal concept analysis (FCA) as a representation framework. Given a set of local policies, an initial global policy and data dependencies, we propose a methodology that allows the security administrator to derive a set of queries that, combined, could disclose sensitive information. We also say that the set of queries constitutes an inference channel. We use FCA theories to identify the illegal queries known as disclosure transactions. Then, we propose a run-time solution for neutralizing all suspicious queries while ensuring a trade-off between data protection and data availability. By combining Prime Number with Lattice theory, we keep traces of the previously executed queries so that inferences are blocked at run-time. We also discuss a set of experiments that we conducted.

5 citations


Additional excerpts

  • ...[69] of lattice construction and navigation....

    [...]

References
Book ChapterDOI
12 May 2009
TL;DR: Restructuring lattice theory is an attempt to reinvigorate connections with the authors' general culture by interpreting the theory as concretely as possible, and in this way to promote better communication between lattice theorists and potential users of lattice theory.
Abstract: Lattice theory today reflects the general status of current mathematics: there is a rich production of theoretical concepts, results, and developments, many of which are reached by elaborate mental gymnastics; on the other hand, the connections of the theory to its surroundings are getting weaker and weaker, with the result that the theory and even many of its parts become more isolated. Restructuring lattice theory is an attempt to reinvigorate connections with our general culture by interpreting the theory as concretely as possible, and in this way to promote better communication between lattice theorists and potential users of lattice theory.

2,407 citations


Additional excerpts

  • ...FORMAL CONCEPT ANALYSIS In the early 1980’s, from an attempt to restructure the lattice theory, Rudolf Wille introduced the formal concept analysis in Darmstadt [19]....

    [...]


Journal ArticleDOI
TL;DR: FCA explicitly formalises the extension and intension of a concept, their mutual relationships, and the fact that increasing intent implies decreasing extent and vice versa, and allows a concept hierarchy to be derived from a given dataset.

2,029 citations

Book
01 Dec 2002

1,248 citations

Proceedings ArticleDOI
01 May 1989
TL;DR: The authors explore a commercial security policy (the Chinese Wall) which represents the behavior required of those persons who perform corporate analysis for financial institutions and concludes that it is perhaps as significant to the financial world as Bell-LaPadula's policies are to the military.
Abstract: The authors explore a commercial security policy (the Chinese Wall) which represents the behavior required of those persons who perform corporate analysis for financial institutions. It can be distinguished from Bell-LaPadula-like policies by the way that a user's permitted accesses are constrained by the history of his previous accesses. It is shown that the formal representation of the policy correctly permits a market analyst to talk to any corporation which does not create a conflict of interest with previous assignments. The Chinese Wall policy combines commercial discretion with legally enforceable mandatory controls. It is required in the operation of many financial services organizations; the authors conclude that it is, therefore, perhaps as significant to the financial world as Bell-LaPadula's policies are to the military.

1,001 citations


"Modeling Chinese wall access contro..." refers background in this paper

  • ...To ensure their security, any standard information system requires the support of access control....

    [...]

  • ...To discuss the terms and policy behind the CWAC, we consider an online commercial domain where the consultants or analysts of the companies are interested in accessing the set of data resources of various group of companies that provide different types of services....

    [...]

Journal ArticleDOI
TL;DR: A balanced perspective on lattice-based access control models is provided, and information flow policies, the military lattice, access control models, the Bell-LaPadula model, the Biba model and duality, and the Chinese Wall lattice are reviewed.
Abstract: Lattice-based access control models were developed in the early 1970s to deal with the confidentiality of military information. In the late 1970s and early 1980s, researchers applied these models to certain integrity concerns. Later, application of the models to the Chinese Wall policy, a confidentiality policy unique to the commercial sector, was demonstrated. A balanced perspective on lattice-based access control models is provided. Information flow policies, the military lattice, access control models, the Bell-LaPadula model, the Biba model and duality, and the Chinese Wall lattice are reviewed. The limitations of the models are identified.

754 citations


"Modeling Chinese wall access contro..." refers background or result in this paper

  • ...In addition to that the structure of this lattice again proves that object or consultant hierarchy is not possible in CWAC policy as mentioned by Sandhu [17]....

    [...]

  • ...Sandhu [6] has presented a lattice based access control model for this Chinese wall policy....

    [...]

  • ...Based on the fruitful results of Sandhu [6], Ch. Aswani Kumar [8], Obiedkov et al [11] and Dau and Knechtel [13], we are motivated to propose a formal context for Chinese wall security policy....

    [...]

  • ...Sandhu [17] has described the lattice based enforcement of CWAC and compares it with the lattice based structure of BLP....

    [...]