An ontology-based approach to improve access policy administration of attribute-based access control

Attribute-based access control (ABAC) needs a large number of policies to function by using attributes of visitors, resources, environmental conditions, etc. Efficient policy administration is vital for implementation of ABAC models. In this paper, an ontology-based approach is proposed to build up an ABAC model, which is named as an ontology-based ABAC model, OABACM. Underlying relationships among things such as attributes hierarchies in OABACM are identified and described in OABACM, which if treated improperly can directly lead to problems in policy administration. In addition, policy representation and reasoning mechanism are discussed within OABACM and inherent logical properties of this model are formalised in rules. With proper reasoners, these properties can be utilised to logically improve access policy administration by reducing policy redundancy and detecting policy conflicts. In experiments, a sample ontology is created and several enterprise access examples are tested upon OABACM, which validates the effects of our model on policy administration. © 2019 Inderscience Enterprises Ltd.