Design-time and Run-time Reasoning with RelBAC

Zhang, Rui (2009) Design-time and Run-time Reasoning with RelBAC. UNSPECIFIED. (Submitted)



    Relation-Based Access Control (RelBAC) is an access control model for Web scenarios that represents permissions as relations between users and objects. It allows policies to be expressed using cardinality and quantifiers, and separation of duties to be specified in the basic model rather than as an additional constraint. This paper shows that by exploiting the formalization of the RelBAC model in Description Logics (DL), sophisticated access control policies can be directly encoded as DL formulas. This facilitates administration with design-time reasoning on hierarchies, propagations, separation of duties, etc., and helps with run-time reasoning to make access control decisions. All of this reasoning can be automated and performed through state-of-the-art, off-the-shelf DL reasoners.

    Item Type: Departmental Technical Report
    Department or Research center: Information Engineering and Computer Science
    Subjects: Q Science > QA Mathematics > QA076 Computer software
    Uncontrolled Keywords: RelBAC, access control policies, design-time reasoning, run-time reasoning
    Report Number: DISI-09-058
    Repository staff approval on: 26 Oct 2009
