SBAC: “A Semantic–Based Access Control Model”

Semantic Web is the vision for future of current Web which aims at automation, integration and reuse of data among different Web applications. The shift to Semantic Web applications poses new requirements for security mechanisms especially in the access control models as a critical component of security systems. Access to resources can not be controlled in a safe way unless the access decision takes into account the semantic relationships among entities in the data model under the Semantic Web. Decision making for granting or revoking access requests by assuming entities in isolation and not considering their interrelations may result in security violations. In this paper, we present a Semantic Based Access Control model (SBAC) which considers semantic relations among different entities in the decision making process. For accurate decision making, SBAC considers semantic relations among entities in all domains of access control, namely the subject domain, the object domain and the action domain. To facilitate the propagation of policies in these three domains, we show how different semantic interrelations can be reduced to the subsumption problem. This reduction enhances the space and time complexity of the access control mechanisms which are based on SBAC.