Research And Application On Ontology And Rule Based Access Control Model

Posted on: 2019-08-07
Degree: Master
Type: Thesis
Country: China
Candidate: K H Wu
GTID: 2428330566476614
Subject: Engineering
Abstract/Summary:
With the advent and rapid development of Internet technologies and new network technologies, distributed computing has been fully applied in segments such as finance, industry, and culture. The growth in the number of users and types of business, together with frequent cross-domain business transactions with external systems, has left internal application systems in these industries facing problems such as reduced efficiency and increased security risk. Authorization and restriction through access control technologies are the solution to these problems. Access control technology is a key research subject in the field of information security. Its main role is to allow access to system resources by authorized subjects and to prevent access by unauthorized subjects. The access control model provides the core framework for the security foundation of access control technology. Establishing a model's rule policies provides a solution and protection method for system resources, which protects the system environment from destruction and theft by malicious users.

The attribute-based access control (ABAC) model uses attributes to model all access control permissions. This model can effectively implement more fine-grained rights management and the management of complex relationships between subject and object attributes. However, the traditional ABAC model has difficulty meeting currently popular application scenarios: it has defects in the formal expression and semantic understanding of access control rules, and it has no logical reasoning function.

In this paper, when building an access control model that satisfies the requirements of security applications, the formal expression of policy rules, semantic understanding and reasoning are added to the model. On this basis, an ABAC model based on ontology and rules, the OR-ABAC model, is proposed. This model uses the Web Ontology Language (OWL), an important component of the Semantic Web, to semantically express the rules established in the model, realize the formal description of the ABAC model, and map all attribute elements and relationships to ontological forms, providing a clear semantic representation of the rules. In addition, the Semantic Web Rule Language (SWRL) is used to construct the access control inference rules, which realizes their formal description and improves both the precision with which access rules can be expressed and the ability to reason about relationships between attributes. The combination of OWL and SWRL completes the establishment of, and reasoning over, ontologies for model data and rules, and provides support for automatic system decision making. The powerful semantic expression capability effectively implements authorization management for complex systems, and prevents the overflow of authorizations through ontology consistency checking and inference testing of implicit knowledge. Finally, the OR-ABAC model was tested, and the prototype system verified that the model has high security, flexibility and feasibility.
Keywords/Search Tags:attribute-based access control, ontology, SWRL, semantic reasoning, description logic