Authors:
Mouiad Al-Wahah
and
Csilla Farkas
Affiliation:
College of Engineering and Computing, University of South Carolina, 301 Main St, Columbia, SC, U.S.A.
Keyword(s):
Description Logic, Monotonic, Non-monotonic, OWL Ontology, Context Delegation, Access Control, Authorization.
Abstract:
Delegating access privileges is a common practice in access control mechanisms. Delegation is usually used to distribute the responsibilities of task management among entities. Delegation comes in two forms, GRANT and TRANSFER. In GRANT delegation, a successful delegation operation makes the delegated privileges available to both the delegator and the delegatee. In TRANSFER delegation, the delegated privileges are no longer available to the delegator. Although several delegation approaches have been proposed, current models do not consider the issue of context delegation in context-based access control policies. We present two ontology-based context delegation approaches: monotonic context delegation, which adopts the GRANT form of delegation, and non-monotonic context delegation for the TRANSFER form. The approach presented here provides dynamic and adaptive privilege delegation for access control policies. We employ Description Logic (DL) and Logic Programming (LP) technologies for modeling contexts, delegation and CBAC privileges. We have designed three lightweight Web Ontology Language (OWL) ontologies, CTX, CBAC, and DEL, for context, Context-Based Access Control (CBAC), and delegation, respectively. We show that semantic-based techniques can be used to support adaptive and dynamic context delegation for CBAC policies. We provide the formal framework of the approaches and show that they are sound, consistent and preserve the least-privilege principle.
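The GRANT (monotonic) and TRANSFER (non-monotonic) delegation semantics described in the abstract, as an added illustration that is not code from the paper or its CTX/CBAC/DEL ontologies: a minimal in-memory model of context-bound privileges in which a delegation is only accepted if the delegator currently holds the privilege (so delegation can never enlarge the set of privileges beyond what was originally assigned, the least-privilege property the abstract claims), and in which TRANSFER removes the privilege from the delegator while GRANT keeps it. Subject names, actions, resources and context labels are constructed sample values.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    GRANT = "grant"        # monotonic: delegator keeps the privilege
    TRANSFER = "transfer"  # non-monotonic: delegator loses the privilege


@dataclass(frozen=True)
class Privilege:
    """A CBAC-style privilege: an action on a resource, valid only in one context."""
    action: str
    resource: str
    context: str  # e.g. "on-call"; hypothetical context label, not from the paper


class DelegationState:
    def __init__(self) -> None:
        self.holdings: dict[str, set[Privilege]] = {}

    def assign(self, subject: str, priv: Privilege) -> None:
        """Direct assignment by the policy administrator (not a delegation)."""
        self.holdings.setdefault(subject, set()).add(priv)

    def delegate(self, delegator: str, delegatee: str, priv: Privilege, mode: Mode) -> None:
        # Least-privilege guard: only a currently held privilege can be delegated,
        # so no delegation chain can ever produce a privilege nobody was assigned.
        if priv not in self.holdings.get(delegator, set()):
            raise PermissionError(f"{delegator} does not hold {priv} and cannot delegate it")
        self.holdings.setdefault(delegatee, set()).add(priv)
        if mode is Mode.TRANSFER:
            self.holdings[delegator].discard(priv)  # non-monotonic: delegator loses it

    def authorized(self, subject: str, action: str, resource: str, context: str) -> bool:
        """Access is granted only if the subject holds the privilege for this exact context."""
        return Privilege(action, resource, context) in self.holdings.get(subject, set())

    def total_privileges(self) -> set[Privilege]:
        """Union of all holdings; must never exceed the originally assigned set."""
        return set().union(*self.holdings.values()) if self.holdings else set()
```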