Semantic representation and enforcement methods of ABAC policies

Abstract

Abstract: To solve the semantic presentation and enforcement problems of ABAC policies in the open system environment, a method using ontology to define policies is proposed. This method is defined on the basis of a map from ABAC policy model to description logic definitions. Also, it uses SWRL rules to define relations in the system. Based on the policy ontology, a framework utilizing close world reasoning and individual realization reasoning service to generate decisions of access request is proposed. The correctness of policy enforcement method is proved through its soundness and completeness, and an experiment is showed to verify the feasibility of these methods in a real application.

Key words: Attribute-Based Access Control（ABAC）, policy representation, policy enforcement, ontology, Semantic Web Rule Language（SWRL）, reasoning

摘要： 为解决开放式系统环境中基于属性的访问控制（Attribute-Based Access Control，ABAC）策略语义层次上的表示和决策问题，提出了ABAC策略的本体表示方法。该方法基于ABAC策略模型到描述逻辑定义的映射，使用语义Web规则语言（SWRL）处理系统内部关系定义。在此基础上，提出了基于封闭世界和实例实现推理的策略决策框架。最后从可靠性和完备性两方面说明了决策方法的正确性，验证实验表明了方法在实际应用中的适用性。

关键词: 基于属性的访问控制, 策略表示, 策略决策, 本体, 语义Web规则语言, 推理

ZHOU Jiagen, YE Chunxiao, LUO Juan. Semantic representation and enforcement methods of ABAC policies[J]. Computer Engineering and Applications, 2013, 49(23): 56-62.

周加根，叶春晓，罗娟. ABAC策略语义表示和决策方法[J]. 计算机工程与应用, 2013, 49(23): 56-62.

[1]	WANG Yuncheng, ZHOU Chunhua, CHEN Chuxiang, WU Shanming, CHEN Bing. Extensible Intelligent Scheduling System Based on Two Fork Knowledge Tree Reasoning [J]. Computer Engineering and Applications, 2021, 57(5): 251-257.
[2]	WANG Qingrong, MA Chenkun. Forecast of Emergency Supplies for Case Consumption Reasoning [J]. Computer Engineering and Applications, 2021, 57(22): 281-287.
[3]	YANG Quan. SVM Algorithm for N1+N2 Structure Syntax Relation Determination [J]. Computer Engineering and Applications, 2021, 57(20): 104-108.
[4]	SONG Haonan, ZHAO Gang, WANG Xingfen. Knowledge Reasoning Method Combining Knowledge Representation with Deep Reinforcement Learning [J]. Computer Engineering and Applications, 2021, 57(19): 189-197.
[5]	LI Jinhai, HE Youshi, ZHANG Peng. Research of Group Recommendation Based on Contextual Semantics Reasoning and Social Network [J]. Computer Engineering and Applications, 2021, 57(18): 163-171.
[6]	CHEN Guang, JIANG Tonghai, WANG Meng, TANG Xinyu, JI Wenfei. Custom SWRL Knowledge Graph Completion Reasoning Built-ins Implementation Method [J]. Computer Engineering and Applications, 2021, 57(1): 261-270.
[7]	WANG Hong, LIN Haizhou, LU Linyan. Knowledge Graph Inference Algorithm Based on Att_GCN Model [J]. Computer Engineering and Applications, 2020, 56(9): 183-189.
[8]	WANG Hui, LI Yingshun. Dynamic Fault Diagnosis Algorithm for Improved Evidence Update Rules [J]. Computer Engineering and Applications, 2020, 56(2): 261-265.
[9]	YANG Ying, WANG Jun, WANG Gang. Customer Complaints Classification Method Based on Improved Random Subspace [J]. Computer Engineering and Applications, 2020, 56(13): 230-235.
[10]	GAO Jian, WANG An. Research on Ontology-Based Network Threat Intelligence Analysis Technology [J]. Computer Engineering and Applications, 2020, 56(11): 112-117.
[11]	LI Jinhai, HE Youshi, MA Yunlei, ZHOU Aiping. Research of Universal Model for Knowledge Representation Based on Multi-layer Domain Ontology [J]. Computer Engineering and Applications, 2020, 56(11): 149-155.
[12]	CHEN Fang1，2, ZHAO Shuyu1, YANG Sudi1, GAO Xiumei1. Research on Robustness of Fuzzy Reasoning on Lipschitz Operators [J]. Computer Engineering and Applications, 2019, 55(6): 42-49.
[13]	WANG Siyu, HE Jingsha, TENG Da. Access Control System Supporting Quantification and Protection of Privacy Information [J]. Computer Engineering and Applications, 2019, 55(16): 77-87.
[14]	ZHANG Zhongwei1，2, CAO Lei1, CHEN Xiliang1, KOU Dalei1，3, SONG Tianting2. Survey of Knowledge Reasoning Based on Neural Network [J]. Computer Engineering and Applications, 2019, 55(12): 8-19.
[15]	QU Hanhua1, HUI Jianzhong1, HE Xianfeng2, WANG Muhua1, HE Xiaofeng1, FENG De’en1. Formal concept analysis model of meteorological services [J]. Computer Engineering and Applications, 2018, 54(9): 257-264.

Semantic representation and enforcement methods of ABAC policies

ABAC策略语义表示和决策方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics