M. Amini; M. Arasteh
Abstract
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which ...
Read More
A Virtual Organization (VO) consists of some real organizations with common interests, which aims to provide inter organizational associations to reach some common goals by sharing their resources with each other. Providing security mechanisms, and especially a suitable access control mechanism, which enforces the defined security policy is a necessary requirement in VOs. Since VO is a complex environment with the huge number of users and resources, traditional access control models cannot satisfy VOs security requirements. Most of the current proposals are basically based on the attributes of users and resources. In this paper, we suggest using a combination of the semantic based access control (SBAC) model, and the attribute based access control (ABAC) model with the shared ontology of subjects' attributes in VOs. In this model, each participating organization makes its access control decisions according to an enhanced model of the ABAC model. However, access decision in the VO is made in more abstract level through an enhanced model of the SBAC model. Using the ontology of users and resources in this model facilitates access control in large scale VOs with numerous organizations. By the combination of SBAC and ABAC, we attain their benefits and eliminate their shortcomings. In order to show the applicability of the proposed model, an access control system, based on the proposed model, has been implemented in Java using available APIs, including Sun's XACML API, Jena, Pellet, and Protégé.
A. Javadi; M. Amini
Abstract
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information ...
Read More
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs not only should be context-aware, but also must be able to deal with imperfect context information. In addition, due to the diversity and heterogeneity of resources and users and their security requirements in PCEs, supporting exception and default policies is a necessary requirement. In this paper, we propose a Semantic-Aware Role-Based Access Control (SARBAC) model satisfying the aforementioned requirements using MKNF+. The main contribution of our work is defining an ontology for context information along with using MKNF+ rules to define context-aware role activation and permission assignment policies. Dividing role activation and permission assignment policies into three layers and using abstract and concrete predicates not only make security policy specification more flexible and manageable, but also make definition of exception and default polices possible. The expressive power of the proposed model is demonstrated through a case study in this paper.