Article: An ontology-based approach to improve access policy administration of attribute-based access control Journal: International Journal of Information and Computer Security (IJICS) 2019 Vol.11 No.4/5 pp.391 - 412 Abstract: Attribute-based access control (ABAC) needs a large number of policies to function by using attributes of visitors, resources, environmental conditions, etc. Efficient policy administration is vital for implementation of ABAC models. In this paper, an ontology-based approach is proposed to build up an ABAC model, which is named as an ontology-based ABAC model, OABACM. Underlying relationships among things such as attributes hierarchies in OABACM are identified and described in OABACM, which if treated improperly can directly lead to problems in policy administration. In addition, policy representation and reasoning mechanism are discussed within OABACM and inherent logical properties of this model are formalised in rules. With proper reasoners, these properties can be utilised to logically improve access policy administration by reducing policy redundancy and detecting policy conflicts. In experiments, a sample ontology is created and several enterprise access examples are tested upon OABACM, which validates the effects of our model on policy administration. Inderscience Publishers - linking academia, business and industry through research

Title: An ontology-based approach to improve access policy administration of attribute-based access control

Authors: Jiaying Li; Baowen Zhang

Addresses: School of Electronic Information and Electric Engineering, Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, Shanghai Jiao Tong University, Shanghai, 200240, China ' School of Electronic Information and Electric Engineering, Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, Shanghai Jiao Tong University, Shanghai, 200240, China

Abstract: Attribute-based access control (ABAC) needs a large number of policies to function by using attributes of visitors, resources, environmental conditions, etc. Efficient policy administration is vital for implementation of ABAC models. In this paper, an ontology-based approach is proposed to build up an ABAC model, which is named as an ontology-based ABAC model, OABACM. Underlying relationships among things such as attributes hierarchies in OABACM are identified and described in OABACM, which if treated improperly can directly lead to problems in policy administration. In addition, policy representation and reasoning mechanism are discussed within OABACM and inherent logical properties of this model are formalised in rules. With proper reasoners, these properties can be utilised to logically improve access policy administration by reducing policy redundancy and detecting policy conflicts. In experiments, a sample ontology is created and several enterprise access examples are tested upon OABACM, which validates the effects of our model on policy administration.

Keywords: attribute-based access control; ABAC; policy administration; ontology; web ontology language; OWL; information security; access control; system security; security policy.

DOI: 10.1504/IJICS.2019.101928

International Journal of Information and Computer Security, 2019 Vol.11 No.4/5, pp.391 - 412

Received: 30 Sep 2017
Accepted: 22 Aug 2018
Published online: 30 Aug 2019 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: An ontology-based approach to improve access policy administration of attribute-based access control

Keep up-to-date