Title :
Non-monotonocity in OrBAC through default and exception policy rules
Author :
Javadi, S.A. ; Amini, Milad ; Jalili, Rasool
Abstract :
Context-awareness is an essential requirement of modern access control models. The Organization-Based Access Control (OrBAC) model is a powerful context-aware access control model defined by first-order logic. However, due to the monotonic nature of first-order logic, OrBAC is incapable of making decisions based on incomplete context information and of defining default and exception policy rules. This paper proposes augmenting OrBAC with non-monotonicity features using MKNF+ logic, which is a combination of Description Logic (DL) and Answer Set Programming (ASP). Along with the use of DL to define an ontology for the main entities and context information in OrBAC, MKNF+ rules are used to define access control, default, and exception policy rules. The proposed model inherits the advantages of an ontological representation of OrBAC entities and context information (such as interoperability among systems) as well as the advantages of ASP in non-monotonic reasoning through the closed-world principle and negation as failure. The expressive power of the model is also demonstrated through a case study.
Keywords :
authorisation; logic programming; nonmonotonic reasoning; ontologies (artificial intelligence); ubiquitous computing; MKNF+ logic; OrBAC; answer set programming; closed-world principle; context information; default rules; exception policy rules; first-order logic; nonmonotonocity feature; ontological representation; organization-based access control model; Access control; Cognition; Context; Context modeling; Knowledge based systems; Ontologies; Default Policy Rule; Exception Policy Rule; Non-monotonic Logic; Role-Based Access Control
Conference_Title :
Information Security and Cryptology (ISCISC), 2012 9th International ISC Conference on
Conference_Location :
Tabriz
Print_ISBN :
978-1-4673-2387-1
DOI :
10.1109/ISCISC.2012.6408196