A Role-Permission Assignment Method of RBAC Involved Conflicting Constraints under E-CARGO

A Role-Permission Assignment Method of RBAC Involved Conflicting Constraints under E-CARGO

Wei Zhang (School of Computer Science and Technology, Guangdong University of Technology, Guangzhou, China), Yang Wang (School of Computer Science and Technology, Guangdong University of Technology, Guangzhou, China), Jingxin Zhu (School of Computer Science and Technology, Guangdong University of Technology, Guangzhou, China), Dongning Liu (School of Computer Science and Technology, Guangdong University of Technology, Guangzhou, China), Shaohua Teng (School of Computer Science and Technology, Guangdong University of Technology, Guangzhou, China) and Haibin Zhu (Collaborative Systems Laboratory, Nipissing University, North Bay, Canada)
DOI: 10.4018/IJCINI.2015100104
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Multi-agent systems are historically one of the most crucial problems and now become an important topic in cognitive theory. In the view of ontology theory, multi-agent systems are usually related to roles and agents are the executors of roles. We investigate an improved multi-agent system by solving the RBAC role-permission assignment problem with conflicting constrains in this paper, under the E-CARGO model that provides the formalization, the description of conflicts and the algorithms used in this paper. Simulation experiments with comprehensive consideration can verify the correctness of our method.
Article Preview

1. Introduction

In recent years, multi-agent systems are an important topic of cognitive theory, such as BDI (Believe, Desire, Intention) agents (Shi & Xu, 2009), non-monotonic logic (Liao & Lin, 2006), dynamic logic (Liu &Tang, 2010), etc. However, in the opinion of ontology, an agent is actually the executor of role, and agents will inevitably cause the conflicts among roles and agents (Pu et al. 2010). Roles based interactions are important elements of social activity and are fundamental aspects of cognitive informatics (Zhu, 2010). The authorization of agents and roles in RBAC (role-based access control) can be very complex, because there are the huge number of agents/roles and complicated constraints.

With the development of information technologies, RBAC (Role-Based Access Control) has been extensively used in the rights management (Huet et al., 2004). In RBAC, a role is an intermediary between a user and a permission (a role can be a group of users, these users have the same behaviors and responsibilities) and a role is used to link a user and permissions. A role can be utilized to solve the problems in traditional access control models, such as, the DAC (Discretionary Access Control) and MAC (Mandatory Access Control). These traditional access control models have some shortcomings and insufficiency (Zhao & Lin, 2005).

Under the cloud computing environments, the traditional access control model cannot satisfy the dynamic needs because these objects are unchangeable. However, the RBAC model is suitable for cloud computing (Zhao & Yao, 2012). The RBAC96 model (Zhang & Zhang, 2009), whose members include RBAC0, RBAC1, RBAC2, and RBAC3, consists of four basic elements: Users, Roles, Permissions, and Sessions. In RBAC96 (Figure 1), the authorization of users’ permissions is mainly through UA (user-role assignment) and PA (role-permission assignment), UA is a many-to-many assignment between User and Role, PA is a many-to-many assignment between Role and Permission.

Figure 1.

RBAC96

In this paper, we study the problem of assignment under some conflicting constraints. It has not still been solved because of complicated constraints. RBAC is still a Role-Based Collaboration (RBC) System. In RBC, roles are the major media and the basis for interaction, coordination, and collaboration (Zhu & Hou, 2011). RBC is a computational thinking methodology that mainly uses roles as underlying mechanisms to facilitate abstraction, classification, separation of concern, dynamics, and interactions. Based on roles, RBC is such an emerging methodology to facilitate an organizational structure, provide orderly system behavior, and consolidate system security for both human and non-human entities that collaborate and coordinate their activities with or within systems (Zhu & Zhou, 2006).

This paper is arranged as follows: Section 2 introduces the related work; Section 3 depicts the RBAC modeling based on E-CARGO; Section 4 describes the role permission assignment; Section 5 designs the algorithm for the assignment; Section 6 presents the results of simulation experiments; Section 7 concludes the paper and points out the future work.

In the implementation of the security policy of RBAC, we need to solve the problem of UA and PA. They are both M-M (Many-to-Many) assignment between agent and role, hence the role assignment is evidently an important challenging problem in a hierarchical organizational structure, and it is also an important problem in multi-agent systems.

Wei et al. (2013) propose a cooperation protocol design method for repository-based multi-agent systems. They aim at improving the efficiency of developing multi-agent system by introducing reusable protocol templates.

Wang (2009) proposes a cognitive informatics perspective on autonomous agent systems (AAS’s). He develops a hierarchical reference model of AAS’s, and describes the theoretical framework from facts of cognitive informatics, computational intelligence, and denotational mathematics.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 11: 4 Issues (2017)
Volume 10: 4 Issues (2016)
Volume 9: 4 Issues (2015)
Volume 8: 4 Issues (2014)
Volume 7: 4 Issues (2013)
Volume 6: 4 Issues (2012)
Volume 5: 4 Issues (2011)
Volume 4: 4 Issues (2010)
Volume 3: 4 Issues (2009)
Volume 2: 4 Issues (2008)
Volume 1: 4 Issues (2007)
View Complete Journal Contents Listing