Journal of Computer Applications ›› 2012, Vol. 32 ›› Issue (09): 2624-2627. DOI: 10.3724/SP.J.1087.2012.02624

• Information Security •

Ontology representation and implementation of the permission-extended RBAC model

ZHOU Jia-gen*, YE Chun-xiao

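  1. College of Computer Science, Chongqing University, Chongqing 400044
  • Received: 2012-02-28 Revised: 2012-04-16 Online: 2012-09-01 Published: 2012-09-01
  • Corresponding author: ZHOU Jia-gen
  • About the authors: ZHOU Jia-gen (born 1987), male, from Nantong, Jiangsu, master's student; main research interests: access control, ontology modeling. YE Chun-xiao (born 1973), male, from Chongqing, professor, Ph.D.; main research interests: ontology, access control.
  • Funding:

    Chongqing University Graduate Science and Technology Innovation Fund project (CDJXS11180022)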

Ontology representation and realization of extended permission in RBAC

ZHOU Jia-gen*, YE Chun-xiao

  1. College of Computer Science, Chongqing University, Chongqing 400044, China
  • Received: 2012-02-28 Revised: 2012-04-16 Online: 2012-09-01 Published: 2012-09-01
  • Contact: Jia-Gen ZHOU

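Abstract: To address the insufficient ability of the Role-Based Access Control (RBAC) model to characterize permission entities, an RBAC model extended with a permission hierarchy is proposed. To combine the strengths of ontologies in knowledge representation and reasoning, an ontology-based representation and implementation method for this model is proposed. The method uses the Web Ontology Language (OWL) to represent the extended model and the Semantic Web Rule Language (SWRL) to define the application logic rules in the model; implicit authorization knowledge is obtained through rule reasoning. On this basis, explicit and implicit authorization views are generated through SPARQL Protocol and RDF Query Language (SPARQL) queries, enabling analysis of the system's security state. Finally, a concrete application example is given to show the feasibility of the method.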

Keywords: Role-Based Access Control, ontology, Web Ontology Language, authorization view

Abstract: Role Based Access Control (RBAC) is deficient in characterizing permissions, so an extended RBAC model with a permission hierarchy was presented. To utilize the advantages of ontology in knowledge representation and reasoning, an ontology-based representation and realization method for the extended model was proposed. Web Ontology Language (OWL) was used to formalize the ontology of this model, and some specific reasoning rules in the model were defined in Semantic Web Rule Language (SWRL). Implicit knowledge about authorization was derived through rule-based reasoning. Based on this, explicit and implicit authorization views were generated for security analysis through the SPARQL Protocol and RDF Query Language (SPARQL). Finally, a case study was introduced to show the feasibility of the method.

Key words: Role Based Access Control (RBAC), ontology, Web Ontology Language (OWL), authorization view

CLC number: