Dynamic delegation based on temporal and nonmonotonic description logic

Ouarda Bettaz, Narhimène Boustia, A. Mokhtari

Published in: 2015 12th International Symposium on Programming and Systems (ISPS), 2015-04-28
DOI: 10.1109/ISPS.2015.7244994 (https://doi.org/10.1109/ISPS.2015.7244994)
Citations: 1

Abstract

Access control provides the means of restricting access to a computer system by checking whether a legitimate user has the rights to perform certain actions on the resources. It should therefore rely on a flexible administrative mechanism. An important component of the administrative mechanism is delegation. Delegation is the process of granting a specific authorization from one user to another user of the same system to carry out some functions on his behalf. Delegation, although widely used, is modeled in very few security policies because the concept is very complex. What we tried to do in this work is to redefine delegation for OrBAC using description logic. OrBAC is an access control model; it provides the means to specify contextual authorizations, which facilitates modeling the features of delegation such as temporary delegation, multiple delegation, revocation, etc. The description logic that we use for the re-formalization process is T-JClassicδϵ. This logic is a temporal nonmonotonic description logic; it gives the means to specify nonmonotonic authorizations and a better representation of the temporal aspects specific to a given delegation. This new representation augments the expressivity of the model and therefore further facilitates the representation and management of the delegation characteristics.