Computer Engineering and Applications ›› 2013, Vol. 49 ›› Issue (3): 109-112.

Previous Articles     Next Articles

Description of RBAC delegation model using ontology and SWRL

YE Chunxiao, LUO Juan, ZHOU Jiagen   

  1. College of Computer Science, Chongqing University, Chongqing 400030, China
  • Online:2013-02-01 Published:2013-02-18

结合本体和SWRL描述RBAC委托模型

叶春晓,罗  娟,周加根   

  1. 重庆大学 计算机学院,重庆 400030

Abstract: Role delegation between users is an important security policy that should be supported for RBAC mode. The basic idea of delegation is that some users in a system delegate their roles to other users to carry out some specific functions on behalf of the former. This paper describes the RBAC delegation with ontology. Meanwhile some rules in form of SWRL have been defined for the delegation to reason within mutual exclusive constraint, time constraint, overlap constraint and prerequisite role constraint, so as to ensure the security and self-determination of the delegation system.

Key words: delegation, ontology, constraint

摘要: 用户之间的角色委托是RBAC模型需要支持的一种重要安全策略,其主要思想是系统中的用户将角色委托给其他用户,以便以前者名义执行特定的工作。对RBAC委托模型进行了本体建模,借助SWRL(Semantic Web Rule Language)定义的规则对委托中的互斥限制、时间限制、重复限制、前置角色限制等相关限制进行推理,保证了委托系统的安全性和自主决策性。

关键词: 委托, 本体, 限制