Representation and reasoning on role-based access control policies with conceptual graphs

Romuald Thion

Stéphane Coulondre

pp. 427-440

in: Pascal Hitzler, Peter Øhrstrøm (eds), Conceptual structures: inspiration and application, Berlin, Springer, 2006

Abstract

This paper focuses on two aspects of access control: graphical representation and reasoning. Access control policies describe which permissions are granted to users w.r.t. some resources. The Role-Based Access Control model introduces the concept of role to organize users' permissions. Currently, there is a need for tools allowing security officers to graphically describe and reason on role-based policies. Thanks to conceptual graphs we can provide a consistent graphical formalism for Role-Based Access Control policies, which is able to deal with specific features of this access control model such as role hierarchy and constraints. Moreover, once a policy is modeled by CGs, graph rules and inference procedures can be used to reason on it; This allows security officers to understand why some permissions are granted or not and to detect whether security constraints are violated.