Fuzzy Role Based Access Control Design using Fuzzy Ontology

Chandra Mouliswaran Subramanian (Vellore Institute of Technology, Vellore, India) and Aswani Kumar Cherukuri (Vellore Institute of Technology, Vellore, India)
Copyright: © 2019 |Pages: 19
DOI: 10.4018/IJITPM.2019100105

Abstract

Fuzzy role-based access control (FRBAC) is essential for risk-based environments in many futuristic applications, even though role-based access control (RBAC) is the efficient and widely used access control model for enterprise applications. In FRBAC, authorization-related information is vague, which introduces fuzziness into the mappings among FRBAC components such as user, role and permission. Because of this fuzziness, it is challenging for the security engineer to verify the constraints and correctness of an access control policy. Knowledge representation techniques are very useful in practice for verifying the constraints and correctness of an access control policy. In this scenario, representing FRBAC using fuzzy ontology might be the right choice for semantic web applications. The main objective of this article is to represent the access permissions of FRBAC using fuzzy ontology and to verify whether the constraints of FRBAC can be implemented in it.

Introduction

Access control is the central and challenging logical entity in any security mechanism. Access control systems control access rights by implementing various access control policies, which map subjects and objects to their access permissions. Various access control models are available to represent and enforce an access control system. Among them, Role Based Access Control (RBAC) is the flexible and scalable access control model. RBAC simplifies administration by introducing intermediary controls such as roles (Ferraiolo, Sandhu, Gavrila, Kuhn, & Chandramouli, 2001). Here, permissions are assigned to roles and users are associated with roles. Though it is the most widely used access control model in corporate environments, there are some constrained and futuristic applications where the authorization-related information is vague (Covington, Moyer, & Ahamad, 2000) and access decisions have a fractional meaning, allowing the execution of an action to a certain degree (Wiese, 2010). In those constrained and futuristic applications, it becomes essential to introduce fuzziness in user-role mapping, role-permission mapping and user-permission mapping, which leads to the introduction of FRBAC. The entire formalism of FRBAC is introduced by Martínez-García, Navarro-Arribas, and Borrell (2011). In this formalism, the mapping strength among users, roles and permissions takes a value in the range of zero to one. Logical and formal representations of a policy help in verifying the correctness of its design and in implementing it in different applications (Zhao, Heilili, Liu, & Lin, 2005). For representing RBAC, the literature investigates various frameworks such as description logic, formal concept analysis (FCA) and ontology (Knechtel, 2010; Kumar, 2013; Subramanian, Cherukuri, & Chelliah, 2018).
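
An added illustration of the fuzzy mappings described above (not code from the article): user-role and role-permission strengths in [0, 1] are combined into a user-permission strength and then into a crisp decision. The max-min composition, the decision threshold and every user, role and permission name are assumptions made for this example; the preview does not state which composition the FRBAC formalism uses.

```python
# Added example: fuzzy user-role and role-permission mappings with degrees in [0, 1].
# All names and degrees are constructed sample data, not taken from the article.

USER_ROLE = {  # (user, role) -> strength of the user-role mapping
    ("alice", "doctor"): 0.9,
    ("alice", "researcher"): 0.4,
    ("bob", "nurse"): 0.7,
    ("bob", "doctor"): 0.2,
}
ROLE_PERM = {  # (role, permission) -> strength of the role-permission mapping
    ("doctor", "read_record"): 1.0,
    ("doctor", "write_prescription"): 0.8,
    ("nurse", "read_record"): 0.6,
    ("researcher", "export_dataset"): 0.9,
}


def validate(relation):
    """Reject any mapping strength outside [0, 1] before it is used in a decision."""
    for pair, degree in relation.items():
        if not 0.0 <= degree <= 1.0:
            raise ValueError(f"degree {degree!r} for {pair} is outside [0, 1]")


def user_permission_degree(user, perm, user_role=USER_ROLE, role_perm=ROLE_PERM):
    """Derive the user-permission strength.

    Assumption: max-min composition. Each role contributes
    min(user-role, role-permission); the strongest role wins.
    """
    validate(user_role)
    validate(role_perm)
    best = 0.0  # unknown users and unmapped permissions get no access
    for (u, role), ur in user_role.items():
        if u == user:
            best = max(best, min(ur, role_perm.get((role, perm), 0.0)))
    return best


def check_access(user, perm, threshold):
    """Crisp allow/deny: grant only when the derived strength reaches the threshold."""
    return user_permission_degree(user, perm) >= threshold


if __name__ == "__main__":
    for user, perm in [("alice", "read_record"), ("bob", "write_prescription")]:
        print(user, perm, user_permission_degree(user, perm), check_access(user, perm, 0.5))
```
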

Among the various representation techniques, ontology provides the advantage of sharing a common understanding of information structure among people and software agents. Ontologies play a prominent role in the representation of knowledge in the semantic web. In general, ontologies are developed and deployed to enable knowledge sharing and reuse. The literature investigates the usage of ontologies in representing and reasoning about various access control policies and models. Formerly, Di, Jian, Yabo, and Miaoliang (2005) specified the constraints of RBAC using OWL. In an important work, Knechtel (2010) proposed techniques to enable query-based access control for ontologies and experimented with them on an ontology from a marketplace. García-Crespo, Gómez-Berbís, Colomo-Palacios, and Alor-Hernández (2011) proposed a new strategy called SecurOntology for a semantic web access control framework. Recently, Choi, Choi, and Kim (2014) introduced the ontology-based access control model (Onto-ACM) for cloud environments using context-aware semantic access control. Apart from this, several ontology-based access control models are available for open scenarios like online social networks (Masoumzadeh & Joshi, 2011; Imran-Daud, Sánchez, & Viejo, 2016).

To deal with uncertainty in knowledge representation, the literature investigates the usage of fuzzy FCA in regular web applications (Kumar & Srinivas, 2010; Kumar, 2012; Ravi, Ravi, & Prasad, 2017) and fuzzy ontology in semantic web applications (Imran-Daud et al., 2016). Fuzzy ontologies are a generalized form of ontology that handles uncertainty and supports representing and modeling uncertain information or knowledge. They are useful in various applications such as information retrieval, image processing and the semantic web (Bobillo, 2016). Bobillo (2016) has analyzed fuzzy ontology representation using OWL 2. Several reasoners such as fuzzyDL, DeLorean and FIRE are readily available in the literature for representing and verifying fuzzy ontologies. In recent times, Rodríguez, Cuéllar, Lilius, and Calvo-Flores (2014) have used fuzzy ontologies to model human activity representation and to reason about human behavior from incomplete and uncertain knowledge. Further, Ali, Kwak, Islam, Kim, and Kwak (2017) have applied fuzzy ontology to perform sentiment analysis on tweets, and semantic web rule language-based decision making to monitor transportation activities and derive city-feature opinion.
