Title :
Automated analysis of semantic-aware access control policies: a logic-based approach
Author :
Armando, Alessandro ; Carbone, Roberto ; Ranise, Silvio
Author_Institution :
AI-Lab., Univ. di Geneva, Genova, Italy
Abstract :
As the number and sophistication of on-line applications increase, there is a growing concern on how access to sensitive resources (e.g., personal health records) is regulated. Since ontologies can support the definition of fine-grained policies as well as the combination of heterogeneous policies, semantic technologies are expected to play an important role in this context. But understanding the implications of the access control policies of the needed complexity goes beyond the ability of a security administrator. Automatic support to the analysis of access control policies is therefore needed. In this paper we present an automatic analysis technique for access control policies that reduces the reach ability problem for access control policies to satisfiability problems in a decidable fragment of first-order logic for which efficient solvers exist. We illustrate the application of our technique on an access control model inspired by a Personal Health Application of real-world complexity.
Keywords :
authorisation; computability; ontologies (artificial intelligence); reachability analysis; access control model; fine-grained policies; first-order logic; heterogeneous policies; logic-based approach; ontology; personal health record; reachability problem; satisfiability problem; security administrator; semantic technology; semantic-aware access control policy; Access control; Complexity theory; Medical services; Ontologies; Semantics; automatic analysis; logic-based methods; semantic-aware access control;
Conference_Titel :
Semantic Computing (ICSC), 2011 Fifth IEEE International Conference on
Conference_Location :
Palo Alto, CA
Print_ISBN :
978-1-4577-1648-5
Electronic_ISBN :
978-0-7695-4492-2
DOI :
10.1109/ICSC.2011.74
