Title: An ontology-based approach to improve access policy administration of attribute-based access control
Authors: Jiaying Li; Baowen Zhang
Addresses: School of Electronic Information and Electric Engineering, Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, Shanghai Jiao Tong University, Shanghai, 200240, China ' School of Electronic Information and Electric Engineering, Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, Shanghai Jiao Tong University, Shanghai, 200240, China
Abstract: Attribute-based access control (ABAC) needs a large number of policies to function by using attributes of visitors, resources, environmental conditions, etc. Efficient policy administration is vital for implementation of ABAC models. In this paper, an ontology-based approach is proposed to build up an ABAC model, which is named as an ontology-based ABAC model, OABACM. Underlying relationships among things such as attributes hierarchies in OABACM are identified and described in OABACM, which if treated improperly can directly lead to problems in policy administration. In addition, policy representation and reasoning mechanism are discussed within OABACM and inherent logical properties of this model are formalised in rules. With proper reasoners, these properties can be utilised to logically improve access policy administration by reducing policy redundancy and detecting policy conflicts. In experiments, a sample ontology is created and several enterprise access examples are tested upon OABACM, which validates the effects of our model on policy administration.
Keywords: attribute-based access control; ABAC; policy administration; ontology; web ontology language; OWL; information security; access control; system security; security policy.
International Journal of Information and Computer Security, 2019 Vol.11 No.4/5, pp.391 - 412
Received: 30 Sep 2017
Accepted: 22 Aug 2018
Published online: 27 Aug 2019 *