
Ontology representation and realization of extended permission in RBAC
Abstract: The Role Based Access Control (RBAC) model is deficient in characterizing permission entities, so an extended RBAC model with a permission hierarchy is presented. To exploit the advantages of ontology in knowledge representation and reasoning, an ontology-based representation and realization method for the extended model is proposed. The method uses the Web Ontology Language (OWL) to represent the extended model and the Semantic Web Rule Language (SWRL) to define the application logic rules in the model; implicit authorization knowledge is derived through rule-based reasoning. On this basis, explicit and implicit authorization views are generated with SPARQL Protocol and RDF Query Language (SPARQL) queries for analysis of the system's security state. Finally, a concrete application example is given to show the feasibility of the method.
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University Core Journal, 2012, No. 9, pp. 2624-2627 (4 pages)
Funding: Chongqing University Graduate Science and Technology Innovation Fund project (CDJXS11180022)
Keywords: Role Based Access Control (RBAC); ontology; Web Ontology Language (OWL); authorization view