Research on Reachability Reasoning Method for Attribute-based Role Assignment Model

doi:10.3969/j.issn.1000-3428.2014.09.029

Computer Engineering

Previous Articles Next Articles

Research on Reachability Reasoning Method for Attribute-based Role Assignment Model

REN Zhi-yu ^1,2,3,CHEN Xing-yuan ^1,2,MA Jun-qiang¹

(1. The 4th Institute,PLA Information Engineering University,Zhengzhou 450001,China;2. Henan Province Key Laboratory of Information Security,Zhengzhou 450004,China;3.State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China)

Received:2013-09-09 Online:2014-09-15 Published:2014-09-12

基于属性的角色委派模型可达性推理方法研究

任志宇^1,2,3,陈性元^1,2,马军强¹

(1. 解放军信息工程大学四院,郑州450001;2. 河南省信息安全重点实验室,郑州450004;3. 数学工程与先进计算国家重点实验室,郑州450001)

作者简介:任志宇(1974 - ),女,博士研究生,主研方向:信息安全,访问控制,授权管理;陈性元,教授、博士、博士生导师;马军强,副教授。
基金资助:
国家“973”计划基金资助项目(2011CB311801);河南省科技创新人才计划基金资助项目(114200510001)。

Abstract

Abstract: By introducing attributes to provide richer semantics for Role-based Access Control(RBAC) management policy,the attribute-based role assignment model is proposed. It is formalized by description logic,including concepts and relations. In order to resolve the difficulty of privilge management policy detection in distributed environment,the userrole reachability analysis problem is defined and analyzed. The inference rules are described by SWRL,and imported into the inference engine to realize automated reasoning. Application example shows that the reasoning method is correct and feasible. Experimental result shows that the reasoning time rises slowly by the count of policy. So the reasoning method is practical for the automatic policy detection. It can avoid potential security problems,and offer a basis for the safe application of the privilge management model.

Key words: attribute, role assignment, reachability, reasoning, Role-based Access Control(RBAC), description logic

摘要： 提出基于属性的角色委派模型,通过引入属性扩展授权管理策略的表达能力,并采用描述逻辑定义模型的概念及其关系。为解决分布式环境下授权管理策略检测困难的问题,对模型的用户-角色可达性问题进行定义和分析,采用SWRL 描述推理规则,利用推理引擎实现用户-角色可达性的自动推理,并通过应用实例对推理方法的正确性和可行性进行验证。实验结果表明,针对某一策略进行推理时所需的时间随策略数量的增加上升平缓,因此,该推理方法适用于授权管理策略的自动检测,可有效避免因策略执行结果不直观而引发的安全隐患,为授权管理模型的安全应用提供支撑。

关键词: 属性, 角色委派, 可达性, 推理, 基于角色的访问控制, 描述逻辑

CLC Number:

TP393. 08

REN Zhi-yu,CHEN Xing-yuan,MA Jun-qiang. Research on Reachability Reasoning Method for Attribute-based Role Assignment Model[J]. Computer Engineering.

任志宇,陈性元,马军强. 基于属性的角色委派模型可达性推理方法研究[J]. 计算机工程.

/ Recommend / Download Citations

URL:

https://www.ecice06.com/EN/Y2014/V40/I9/143

References

参考文献 [ 1 ]　Sandhu R,Bhamidipati V,Munawer Q. The ARBAC97 Model for Role Based Administration of Roles[J]. ACM Transactions on Information and System Security,1997, 2(1):105-135. [ 2 ]　Sandhu R S,Coyne E J,Feinstein H L,et al. Role-based Access Control Models [J]. Computer,1996,29 (2): 38-47. [ 3 ]　Li Ninghui,Tripunitara M V. Security Analysis in Rolebased Access Control [ J ]. ACM Transactions on Information and System Security,2006,9(4):391-420. [ 4 ]　Sasturkar A,Yang P,Stoller S D,et al. Policy Analysis for Administrative Role Based Access Control [ C ] / / Proceedings of the 19th IEEE Workshop on Computer Security Foundations. Washington D. C. , USA: IEEE Computer Society,2006:124-138. [ 5 ]　刘　强,姜云飞,饶东宁. 基于Graphplan 的ARBAC 策略安全分析方法[J]. 计算机学报,2009,32 (5): 910-921. [ 6 ]　杨秋伟,洪　帆,杨木祥,等. 基于角色访问控制管理模型的安全性分析[J]. 软件学报,2006,17 (8): 1804-1810. [ 7 ]　Jha S,Li Ninghui,Tripunitara M,et al. Towards Formal Verification of Role-based Access Control Policies[J]. IEEE Transactions on Dependable and Secure Computing, 2008,5(2):242-255. [ 8 ]　Stoller S D,Yang P,Ramakrishnan C R,et al. Efficient Policy Analysis for Administrative Role Based Access Contro[C] / / Proceedings of 2007 ACM Conference on Computer and Communication Security. [S. l. ]:ACM Press,2007:445-455. [ 9 ]　Silvio R,Anh T,Alessandro A. Boosting Model Checking to Analyse Large ARBAC Policies[C] / / Proceedings of the 8th International Workshop on Security and Trust Management. Pisa,Italy:ACM Press,2012:273-288. [10]　Baader F, Calvanese D, McGuinness D, et al. The Description Logic Handbook: Theory, Implementation, and Applications [ M ]. Cambridge, UK: Cambridge University Press,2003. [11]　Horrocks I,Patel-Schneider P F,Boley H,et al. SWRL: A Semantic Web Rule Language Combining OWL and RuleML[ EB / OL ]. (2011-11-30). http:/ / www. w3. org / Submission / SWRL / . [12]　OWLJessKB: A Semantic Web Reasoning Tool [EB / OL]. (2010-04-25). http / / edge. cs. drexel. edu / assembilies / software / owliesskb / . 编辑　金胡考

[1]	JIANG Qiqi, ZHANG Liang, PENG Lingqi, KAN Haibin. Accountable and Verifiable Outsourced Hierarchical Attribute Encryption Scheme Based on Blockchain [J]. Computer Engineering, 2025, 51(3): 24-33.
[2]	TAO Jingyi, PENG Lingqi, KAN Haibin. Decentralized k-Times Anonymous Attribute Authentication Supporting Blacklist [J]. Computer Engineering, 2025, 51(2): 159-169.
[3]	LI Haifeng, LIU Sensen, WANG Huaichao, LI Nansha, ZHANG Yifan. Airport Pavement Underground Disease Detection Algorithm Integrating Association Reasoning [J]. Computer Engineering, 2025, 51(2): 397-406.
[4]	ZHOU Xueyang, FU Qiming, CHEN Jianping, CHEN Yanming, LU You, WANG Yunzhe. Document-Level Relation Extraction Method Based on Evidence and Graph Inference: A Case Study of Medical Relationships [J]. Computer Engineering, 2025, 51(1): 106-117.
[5]	YU Yongtao, SUN Ao, LI Ang, ZHU Linlin. Optimization Method for Classifier Output Repeatability Based on Siamese Networks [J]. Computer Engineering, 2025, 51(1): 118-127.
[6]	LUO Huankun, GE Yifeng, LIU Shuai. Research Progress of Large Language Models in Mathematical Reasoning [J]. Computer Engineering, 2024, 50(9): 1-17.
[7]	Yedong MAO, Chunhui ZHANG, Jie CHEN. Evolvable Transformer Fault Diagnosis Model Combining Feature Analysis and Machine Learning [J]. Computer Engineering, 2024, 50(8): 379-388.
[8]	Zhengkang ZHANG, Dan YANG, Tiezheng NIE, Yue KOU. Self-Supervised Learning Based on Graph Structural Clustering for Disease Diagnosis Method [J]. Computer Engineering, 2024, 50(7): 360-371.
[9]	SUN Jin, SU Wenjuan, WANG Lu, YE Kexin. Secure Rental Scheme Based on Consortium Blockchain and InterPlanetary File System [J]. Computer Engineering, 2024, 50(11): 187-196.
[10]	Yunshu LIU, Yanming SHEN, Heng QI, Baocai YIN. Multi-hop Knowledge Base Question Answering Model Based on Hierarchical Structure Graph [J]. Computer Engineering, 2024, 50(1): 101-109.
[11]	Jie ZHAO, Wenhao YE, Zhouyang LIANG, Jianxin CHEN, Zhenning DONG. Fuzzy Rough Set Feature Selection Based on Inconsistent Nearest Neighbors [J]. Computer Engineering, 2024, 50(1): 110-119.
[12]	Zuhe YANG, Zhihui LI, Yunqi TANG, Yuwen YAN, Huaqing SONG. Pedestrian Attribute Recognition Algorithm Combining Semantic and Image Information [J]. Computer Engineering, 2023, 49(8): 215-222, 231.
[13]	Baohua HUANG, Huiying ZHENG, Xi QU, Ningjiang CHEN. Efficient Storage Access Control Scheme for Alliance Chain [J]. Computer Engineering, 2023, 49(8): 37-45.
[14]	Mingchang BAI. Node Embedding Method Based on Folded Path Aggregation on Attributed Network [J]. Computer Engineering, 2023, 49(7): 76-84.
[15]	XIONG Zhongmin, ZENG Qi, LU Peng, WANG Zhenhua, ZHENG Zongsheng. Logical Reasoning Based on Residual Attention Multi-scale Relation Network [J]. Computer Engineering, 2023, 49(6): 227-233,241.

Please choose a citation manager

Content to export

Research on Reachability Reasoning Method for Attribute-based Role Assignment Model

基于属性的角色委派模型可达性推理方法研究

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments

模态框（Modal）标题

Please choose a citation manager

Content to export

Research on Reachability Reasoning Method for Attribute-based Role Assignment Model

基于属性的角色委派模型可达性推理方法研究

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments