
A Semantic-Aware Authorization Model Based on Deontic Logic

Amini, Morteza | 2010

Type of Document: Ph.D. Dissertation
Language: Farsi
Document No: 40949 (19)
University: Sharif University of Technology
Department: Computer Engineering
Advisor(s): Jalili, Rasoul

Abstract:
Semantic technology provides an abstraction layer above existing computational environments, especially the Web, to give information a well-defined meaning. Moving toward semantic-aware environments imposes new security requirements. One of the most important of these requirements is the inference of authorization and security policies from the semantic relationships that exist in the abstract (conceptual) layer. Most of the authorization models proposed for these environments so far are incomplete, and their inference rules are not guaranteed to be consistent, sound, and complete. To obtain a sound and complete system for policy specification and inference, this thesis proposes a family of modal logics, called MA(DL)2, together with its syntax, proof theory, and semantics. The core of this family of logics is a combination of a multi-authority version of deontic logic (MADL) and description logic (DL). It is proven that the logics in this family are sound, complete, and decidable, and that they have the finite model property. We then propose an authorization model based on the MA(DL)2 logic, which enables authorities of different security domains to specify their security policies at the conceptual and ground (individual) levels in terms of deontic statuses: permission, obligation, and prohibition. The logical foundation of the model enables it to infer implicit security policies from the explicit ones, based on the semantic relationships defined in the subject, object, and action ontologies. Cooperative security management in shared subdomains (despite the distribution of policy specification), context-awareness, and modal conflict resolution of policies are further characteristics of the proposed model. To show the applicability of the proposed model, an automatic inference method based on the analytic tableaux approach is presented for the MA(DL)2 logic and has also been implemented in Prolog. Using the developed inference engine, a prototype of an authorization and access control system has been implemented, and the experimental results of its evaluation are presented in the thesis.

Keywords:
Data Security ; Description Logic ; Authorization ; Access Control ; Deontic Logic ; Semantic Technology ; Semantic Aware Environment
