| Role Based Access Control (RBAC) is recognized as the predominant model in the ac-cess control field nowadays.Compared with traditional access control models, RBACobviously reduces the security administration cost and improves the system efficiency.However, many limitations of RBAC model surface in complex application environ-ment. In this dissertation, we study the disadvantages of RBAC model, and present aframework based on answer set programming (ASP) to address the issues. The maincontributions of this thesis are as follows:1. Present an ASP-based RBAC formalization framework. Access control rulesare error-prone due to the lack of a formalization framework for knowledge represen-tation and reasoning. We represent the model components of ANSI RBAC referencemodel, and illustrate that our logic framework is flexible and efficient for access controlreasonings.2. Propose an ASP-based authorization framework to support complicated andcombined policies. Policies are sets of specific access control rules. The support forflexible policies ensures the authorization decisions in RBAC systems. We proposean ASP-based RBAC extended model for negative authorization first. Then the fourmajor groups of policies are represented and integrated as an authorization framework.Finally, we prove the systems based on our framework are both safe and available.3. Propose an ASP-based approach for Inter-domain Role Mapping (IDRM) prob-lem. We extend the ASP-based RBAC framework to support the IDRM problem indistributed environments. Based on ASP, we employ the graph coloring problem andput forward an approach to solve IDRM problem. Conflicts that brought by IDRM arediscuss in the following, with sets of rules for conflict resolution. |
PDF Full Text Request