OrBAC from access control model to access usage model

Authors: Khalida Guesmia, Narhimene Boustia

Abstract

The purpose-based access control model has been proposed recently to restrict access to sensitive data that are outside the control of their owner. This model can be enforced by ensuring that a user who wants to access private data respects the specific plan of tasks/actions that leads to achieving the intended objective for using these data. The Organization Based Access Control (OrBAC) model is suitable for integrating this principle, but in a dynamic environment such as cloud computing, the authorization rules should be expressed in a flexible way, and they may include optional tasks that can be skipped in some cases in order to adapt temporarily to changes in the context. To meet these requirements, we propose in this paper a new extension of the OrBAC model using the temporal nonmonotonic description logic (\(\textit{TL-JClassic}^{+}_{\delta\epsilon}\)), which allows the policy rules to be represented formally as hierarchical planning that includes a set of ordered tasks that may admit exceptions in special cases. When an access request is made, the access control system, depending on the current context, dynamically infers the appropriate sequence of actions that can be performed by the subject who demands access to private data that may be outsourced to the cloud.

Keywords: Data privacy, Purpose based access control, Organization based access control, Nonmonotonic reasoning, Temporal description logic

Paper URL: https://doi.org/10.1007/s10489-017-1064-3