Specification of history based constraints for access control in conceptual level

Abstract

An access control model for Semantic Web should take the semantic relationships among the entities, defined in the abstract conceptual level (i.e., ontology level), into account. Authorization and policy specification based on a logical model let us infer implicit security policies from the explicit ones based on the defined semantic relationships in the domains of subjects, objects, and actions. In this paper, we propose a logic based access control model for specification and inference of history-constrained access policies in conceptual level of Semantic Web. The proposed model (named TDLBAC-2) enables authorities to state policy rules based on the history of users' accesses using a temporal description logic called script D script L ℛUS. The expressive power of the model is shown through seven different patterns for stating history-constrained access policies. The designed access decision algorithm of the model leverages the inference services of script D script L ℛUS, which facilitates the implementation of an enforcement system working based on the proposed model. Sound inference, history-awareness, ability to define access policies in conceptual level, and preciseness are the main advantages of the proposed model. © 2010 Springer-Verlag.