Supporting RBAC with XACML+OWL

Authors:
Rodolfo Ferrini;Elisa Bertino
Affiliations:
Purdue University, West Lafayette, IN, USA;Purdue University, West Lafayette, IN, USA
Venue:
Proceedings of the 14th ACM symposium on Access control models and technologies
Year:
2009

Citing 6
Cited 9

Specifying and enforcing constraints in role-based access control

Proceedings of the eighth ACM symposium on Access control models and technologies
KAoS Policy and Domain Services: Toward a Description-Logic Approach to Policy Representation, Deconfliction, and Enforcement

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
The description logic handbook: theory, implementation, and applications

The description logic handbook: theory, implementation, and applications
Analyzing web access control policies

Proceedings of the 16th international conference on World Wide Web
ROWLBAC: representing role based access control in OWL

Proceedings of the 13th ACM symposium on Access control models and technologies
Using semantic web technologies for policy management on the web

AAAI'06 proceedings of the 21st national conference on Artificial intelligence - Volume 2

A DL-based method for access control policy conflict detecting

Proceedings of the First Asia-Pacific Symposium on Internetware
The Policy Machine: A novel architecture and framework for access control policy specification and enforcement

Journal of Systems Architecture: the EUROMICRO Journal
A controlled natural language interface for authoring access control policies

Proceedings of the 2011 ACM Symposium on Applied Computing
The pragmatics of event-driven business processes

Proceedings of the 7th International Conference on Semantic Systems
Ontology-based matching of security attributes for personal data access in e-health

OTM'11 Proceedings of the 2011th Confederated international conference on On the move to meaningful internet systems - Volume Part II
Role-Based access control for model-driven web applications

ICWE'12 Proceedings of the 12th international conference on Web Engineering
Development of a system framework for implementation of an enhanced role-based access control model to support collaborative processes

HealthSec'12 Proceedings of the 3rd USENIX conference on Health Security and Privacy
FENCE: continuous access control enforcement in dynamic data stream environments

Proceedings of the third ACM conference on Data and application security and privacy
Extensible access control markup language integrated with Semantic Web technologies

Information Sciences: an International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

XACML does not natively support RBAC and even the pecialized XACML profiles are not able to support many relevant constraints such as static and dynamic separation of duty. Extending XACML to support such constraints, however, is an issue that requires extensions not only to the XACML language but also to the XACML reference architecture and engine. In this paper we introduce XACML+OWL, a framework that integrates OWL ontologies and XACML policies for supporting RBAC. The basic idea is to decouple the design of an RBAC system by modeling the role hierarchy and the constraints with an OWL ontology and the authorization policies with XACML. In doing this, we introduce new functions that extend policies with semantic reasoning services based on the OWL ontology. As part of such extension, we extend the reference architecture of XACML and the XACML data-flow for access control decisions with the invocation of such functions.