Fast semantic Attribute-Role-Based Access Control (ARBAC) in a collaborative environment

This paper is an early report of our continuing effort to provide a platform-independent framework so that information originators and security administrators can specify access rights to information consistently and completely, and that this specification is then rigorously enforced. To accomplish this objective it is necessary to link a security policy model to a policy language with sufficient expressive power to ensure logical consistency. For the purposes of this research we are using a modified Attribute-Role-Based Access Control (ARBAC) security model and the Web Ontology Language (OWL) with additional rules in a logic programming framework to express access policy, going beyond the limitations of previous attempts in this vein. In addition we are developing a mechanism using knowledge compilation techniques that allows access policy constraint checking to be implemented in real-time, via a bit-vector encoding that can be used for rapid run-time reasoning.