Dynamic Access Control Policies Based On Ontology Language

At present, security model to control access to critical resources and services arebeing widely used wherever in the web or inside the numerous companies. Themethods of defending resources from accessing illegally are essential. Role BasedAccess Control(RBAC) is a fundamental model in this field. It has been developedand implemented through various ways.However, facing the challenge brought by the growing distributed system, policymanagement and composition is being paid much attention to. Traditional methods ofbuilding policies are mostly based on Structure Description Language which lacksflexibility. Due to this it is hard to make policy composition easily. Referring to thedata management method in web field which is called Linked Data, we introduce theOntology Language which is the core of Linked Data to construct access controlmodel and a correspondent way to manage them. An abstract mathematic model isalso set up, in order to transform access and policy composition problem into Mapproblems, which can make up for the shortage of flexibility. The main content of thispaper is as follows:(1) We perceive the RBAC as an original model, improving describing method ofpolicy and set up a complete mathematic describing model according to thedata net characteristic owned by Linked Data. Policies based on Ontology canbe readable to machines, data integration become easier to achieve, and mostimportant thing is that it makes policy description more flexible which makessense in a distributed system.(2) After the single access control model based on Ontology Language is set upcompletely, we put forward policy composition model, including differentsolutions to conflicts with its own advantages and disadvantages. We alsodemonstrate the feasibility of model according to mathematic model.(3) we design an experiment to prove it, results and analysis are presented. Wemake sure about its correctness, which means that the model can be deployedin practice. To some extent, the efficiency of single system model is tested and analyzed. In the end, a mathematic formula about efficiency is given.We believe that despite the efficiency problem which has not been tested com-pletely, this new describing mechanism of access control model which is based onMap model, will play significant roles in the future research work of access model’spolicy composition.