Research And Application On Ontology And Rule Based RBAC Model

Posted on: 2011-01-03 | Degree: Master | Type: Thesis
Country: China | Candidate: L Zhang | Full Text: PDF
GTID: 2178330338482873 | Subject: Computer software and theory
Abstract/Summary:

Access control technology is a preventive measure against the illegal use of resources; its main task is to ensure that computer resources are used and accessed only with authorization. The cores of access control technology are the access control model and the access control policy; they provide a framework for securing the information infrastructure and a security method for managing and protecting information resources.

The Role-Based Access Control (RBAC) model introduces a new concept, the role, which logically separates users from permissions and reduces the complexity of authorization management; it is now one of the popular access control models used in current application systems. However, with the development of management systems, granting and revoking users' permissions has become more and more frequent, and the current RBAC model cannot meet this requirement. Moreover, the traditional RBAC model falls short in the formal representation of the model and of access control policy, in semantic interoperability among access control entities, and in formal representation for detecting policy conflicts; it also lacks reasoning ability.

In this paper, an extended RBAC model based on ontology and rules, the OntoRB-RBAC model, is proposed. This model uses the semantically expressive ontology language OWL (Web Ontology Language) to represent the RBAC model formally: it defines the various entities of the RBAC model as concepts of the ontology, and the relationships between entities as properties of the ontology. Moreover, this model formally expresses access control policy as rules in SWRL (Semantic Web Rule Language), standardizing the representation of access control policy; it uses the reasoning mechanism based on ontology and SWRL to manage the reasoning process of the ontology and SWRL; it can efficiently manage large-scale user authorization and revocation, acquire the implicit knowledge in the model, and enhance the model's semantic expressiveness. Last, this paper proposes a formal approach to detecting policy conflicts based on description logics, and gives corresponding conflict elimination solutions for the different causes of conflicts; this ensures that the access control policy within an application security domain is consistent and prevents unauthorized access.

This paper begins with access control technology, focusing mainly on the RBAC model and rule-based access control policy, and then introduces ontology and SWRL technology in detail; it then proposes and discusses the OntoRB-RBAC model in detail. Finally, this paper designs and implements an experimental system based on the OntoRB-RBAC model and verifies the feasibility and advantages of the model.
Keywords/Search Tags: Access control, Ontology, SWRL, Description Logics, Reasoning