Role based access control design using three-way formal concept analysis
- PDF / 3,702,977 Bytes
- 31 Pages / 595.276 x 790.866 pts Page_size
- 47 Downloads / 165 Views
ORIGINAL ARTICLE
Role based access control design using three-way formal concept analysis Chandra Mouliswaran Subramanian1 · Aswani Kumar Cherukuri1 · Chandrasekar Chelliah2 Received: 1 September 2017 / Accepted: 5 June 2018 © Springer-Verlag GmbH Germany, part of Springer Nature 2018
Abstract Role based access control (RBAC) is one of the popular access control models. On representing the policy behind RBAC, the literatures investigate the use of various knowledge representation techniques such as Descriptive logics, Formal Concept Analysis (FCA), Ontology etc. Based on the input of binary access control table, the existing knowledge representation techniques on RBAC derives two-way decisions whether to permit the access request or not. It works well when single element in the set of elements of a constituent of RBAC initiates the access request. Consider the scenario of multiple distinct elements in the set of elements of a constituent of RBAC initiate the collective access request to a set of elements in other constituent of RBAC. In many cases of this scenario, some elements possess but not all of the elements possess the permission to access all elements in other subset of a constituent of RBAC. On this situation, the collective access decision to those multiple distinct elements in the set of elements of a RBAC constituent appears in three forms such as permit, deny and non-commitment. Three-way formal concept analysis (3WCA) is an emerging knowledge representation technique which provides two types of three-way concepts and their lattices to enable three-way decisions from the binary information table. At this juncture, it is more suitable to apply 3WCA on representing the RBAC policy to enable three-way decisions instead of existing two-way decisions in classical FCA and triadic FCA. The main objective of this paper is to propose a methodology for modelling RBAC using 3WCA and attain its distinctive merits. Our discussion is on two lines of inquiry. We present on how 3WCA can provide suitable representation of RBAC policy and whether this representation follows role hierarchy and constraints of RBAC. Keywords Access control · Role based access control · 3WCA · Three-way concept · Three-way concept lattice
1 Introduction Organisations try to protect their resources from unauthorized access through access control mechanisms. Access control is one of the essential and challenging security mechanisms. Various access control policies, models and mechanisms have been proposed in the literature [38]. * Chandra Mouliswaran Subramanian [email protected] Aswani Kumar Cherukuri [email protected] Chandrasekar Chelliah [email protected] 1
School of Information Technology and Engineering, Vellore Institute of Technology, Vellore, Tamil Nadu 632014, India
Department of Computer Science, Periyar University, Salem, Tamil Nadu 636011, India
2
Among these models, RBAC is the widely deployed access control model. By introducing the concept of roles between the users and permissions, it brings the set of users o
Data Loading...
