Research On Implementation Methods Of Relation-based Access Control Model

The Relation-based Access Control(Rel BAC)model was originally proposed by F.Giunchiglia in 2008.Comparing to traditional access control models,it treats authorization the same as subject and object thus the access control policies could be flexibly formulated and implemented.Rel BAC utilize simple-structured lightweight ontologies to depict each part of the model.Concepts of the ontology are signed by formalized logical tags which have clear and rigorous access control semantics.The Rel BAC model eases the management of access control policy which aims to facilitate end users,the potential access control administrators,without professional security background to manage their personal stuffs such as blogs,photos,mails,etc.Due to its logic backend and popularization,Rel BAC has attacted more and more attention in recent years.Concurrently,the bottleneck of the model in practice has been highlighted.In Rel BAC,an authorization is formalized as a description logic role while DL reasoners serve as permission checking.However,the Rel BAC model is formalized with the DL of ALCQIBO,which is NExp Time-Complete.No state of the art reasoners can check a knowledge base in this logic.Therefore,this paper proposes two knowledge base transformation methods which aims to make Rel BAC model into practice.Total Access Control(TAC)policy,is the core factor which determines the extremely high reasoning complexity of Rel BAC model.One way to exceed the barrier is to utilize Semantic Web Language Rule(SWRL),instead of ALCQIBO,to depict TAC policy,in addition the semantic of ALCQIBO is preserved.This will make the Rel BAC KB formalized by ALCQIO and SWRL together,and thus mainstream DL reasoners will be able to provide reasoning services to Rel BAC KB.To validate our approach,we create series of benchmark ontologies with the policies transformed.Testing results show that our method enables the state of the art reasoners to work on the logical-too-complex reasoning problem of Rel BAC.We also propose a completely different method to solve the complexity problem.By the definition of ASet,all the necessary ABox assertions of the DL KB could be found through a procedure we name as population.Then the populated DL KB can be compiled into a Propositional Logic(PL)format.Authentication queries to the DL KB can be compiled to satisfiability checkings of the PL KB.The compiling procedure is sound and in the AC point of view can be ‘complete'.Synthetically,the Rel BAC model is implemented by the above two knowledge base conversion methods,which creates the theoretical and realistic conditions for the practical application of the model.