{"title":"An ontology-based approach to improve access policy administration of attribute-based access control","authors":"Jiaying Li, Baowen Zhang","doi":"10.1504/ijics.2019.10023471","DOIUrl":null,"url":null,"abstract":"Attribute-based access control (ABAC) needs a large number of policies to function by using attributes of visitors, resources, environmental conditions, etc. Efficient policy administration is vital for implementation of ABAC models. In this paper, an ontology-based approach is proposed to build up an ABAC model, which is named as an ontology-based ABAC model, OABACM. Underlying relationships among things such as attributes hierarchies in OABACM are identified and described in OABACM, which if treated improperly can directly lead to problems in policy administration. In addition, policy representation and reasoning mechanism are discussed within OABACM and inherent logical properties of this model are formalised in rules. With proper reasoners, these properties can be utilised to logically improve access policy administration by reducing policy redundancy and detecting policy conflicts. In experiments, a sample ontology is created and several enterprise access examples are tested upon OABACM, which validates the effects of our model on policy administration.","PeriodicalId":164016,"journal":{"name":"Int. J. Inf. Comput. Secur.","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Inf. Comput. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/ijics.2019.10023471","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Attribute-based access control (ABAC) needs a large number of policies to function by using attributes of visitors, resources, environmental conditions, etc. Efficient policy administration is vital for implementation of ABAC models. In this paper, an ontology-based approach is proposed to build up an ABAC model, which is named as an ontology-based ABAC model, OABACM. Underlying relationships among things such as attributes hierarchies in OABACM are identified and described in OABACM, which if treated improperly can directly lead to problems in policy administration. In addition, policy representation and reasoning mechanism are discussed within OABACM and inherent logical properties of this model are formalised in rules. With proper reasoners, these properties can be utilised to logically improve access policy administration by reducing policy redundancy and detecting policy conflicts. In experiments, a sample ontology is created and several enterprise access examples are tested upon OABACM, which validates the effects of our model on policy administration.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
