Analysis of Non-monotonicity Property in Access Control for Pervasive Computing Environment

Javadi, Ahmad | 2012

  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 43381 (19)
  4. University: Sharif University of Technology
  5. Department: Computer Engineering
  6. Advisor(s): Jalili, Rasoul
  7. Abstract: Access control, the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied, plays an important role in system security. The existence of the non-monotonicity property in a deduction and decision-making process means that some previous deductions or decisions may be retracted when new information and premises are added. By this definition, in a non-monotonic access control system, adding new information or access control rules may invalidate some previous conclusions (permissions/prohibitions). Requirements such as decision making based on imperfect information, support for default policies, definition (or specification) of exceptions in access control policies, policy combination, and support for conflict resolution among policy rules are introduced as the motivations for establishing non-monotonic access control systems. Because there is no complete analysis of the approaches that can be used to satisfy the non-monotonic requirements of access control in pervasive computing environments, providing such an analysis is the main goal of this thesis. Context-awareness is an essential requirement of an access control model in pervasive computing environments; thus, context-aware access control and its challenges are further discussed. A powerful approach to modeling context information is an essential requirement for a context-aware access control model. According to previous research, description logic (which is used for ontology representation) is more suitable than other approaches for context information modeling. In addition, based on the analysis presented in this thesis, answer set programming is a suitable approach for dealing with the non-monotonic requirements of access control.

     Thus, this thesis proposes a context-aware access control model using MKNF+ logic, which is a combination of Description Logic (DL) and Answer Set Programming (ASP). Along with the use of DL to define an ontology for the main access control entities and context information, MKNF+ rules are used to define access control, default, and exception policy rules. The proposed model inherits the advantages of ontological representation of access control entities and context information (such as interoperability among systems) as well as the advantages of ASP in non-monotonic reasoning through the closed-world principle and negation as failure. The expressive power of the model is also demonstrated by a case study.

  8. Keywords: Access Control; Pervasive Computing; Nonmonotonic Reasoning; Nonmonotonicity Property
