Access Policy Design Supported by FCA Methods

Frithjof DauFrithjof Dau, Martin KnechtelMartin Knechtel

Download

Frithjof Dau, Martin Knechtel
Access Policy Design Supported by FCA Methods
In Frithjof Dau and Sebastian Rudolph, eds., Proceedings of the 17th International Conference on Conceptual Structures, (ICCS 2009), volume 5662 of Lecture Notes in Computer Science, 141-154, 2009

Details
Bibtex

KurzfassungAbstract
Role Based Access Control (RBAC) is a methodology for providing users in an IT system specific permissions like write or read to users. It abstracts from specific users and binds permissions to user roles. Similarly, one can abstract from specific documents and bind permission to document types. In this paper, we apply Description Logics (DLs) to formalize RBAC. We provide a thorough discussion on different possible interpretations of RBAC matrices and how DLs can be used to capture the RBAC constraints. We show moreover that with DLs, we can express more intended constraints than it can be done in the common RBAC approach, thus proving the benefit of using DLs in the RBAC setting. For deriving additional constraints, we introduce a strict methodology, based on attribute exploration method known from Formal Concept Analysis. The attribute exploration allows to systematically finding unintended implications and to deriving constraints and making them explicit. Finally, we apply our approach to a real-life example.
Forschungsgruppe:Research Group: AutomatentheorieAutomata Theory

@inproceedings{ DaKn-ICCS-09,
  author = {Frithjof {Dau} and Martin {Knechtel}},
  booktitle = {Proceedings of the 17th International Conference on {C}onceptual {S}tructures, {(ICCS 2009)}},
  editor = {Frithjof {Dau} and Sebastian {Rudolph}},
  pages = {141--154},
  series = {Lecture Notes in Computer Science},
  title = {Access Policy Design Supported by {FCA} Methods},
  volume = {5662},
  year = {2009},
}