Relation-Based Access Control: An Access Control Model for Context-Aware Computing Environment
Wireless Personal Communications: An International Journal
Relationship-based access control: protection model and policy language
Proceedings of the first ACM conference on Data and application security and privacy
Supporting role based provisioning with rules using OWL and F-logic
OTM'10 Proceedings of the 2010 international conference on On the move to meaningful internet systems - Volume Part I
Relationship-based access control policies and their policy languages
Proceedings of the 16th ACM symposium on Access control models and technologies
Towards a socially aware home router
Proceedings of the First ACM International Workshop on Hot Topics on Interdisciplinary Social Networks Research
Finding overlapping communities in a complex network of social linkages and Internet of things
The Journal of Supercomputing
Hi-index | 0.00 |
The Web 2.0, GRID applications and, more recently, semantic desktop applications are bringing the Web to a situation where more and more data and metadata are shared and made available to large user groups. In this context, metadata may be tags or complex graph structures such as file system or web directories, or (lightweight) ontologies. In turn, users can themselves be tagged by certain properties, and can be organized in complex directory structures, very much in the same way as data. Things are further complicated by the highly unpredictable and autonomous dynamics of data, users, permissions and access control rules. In this paper we propose a new access control model and a logic, called RelBAC (for Relation Based Access Control) which allows us to deal with this novel scenario. The key idea, which differentiates RelBAC from the state of the art, e.g., Role Based Access Control (RBAC), is that permissions are modeled as relations between users and data, while access control rules are their instantiations on specific sets of users and objects. As such, access control rules are assigned an arity which allows a fine tuning of which users can access which data, and can evolve independently, according to the desires of the policy manager(s). Furthermore, the formalization of the RelBAC model as an Entity-Relationship (ER) model allows for its direct translation into Description Logics (DL). In turn, this allows us to reason, possibly at run time, about access control policies.