A Semantic-Aware Role-Based Access Control Model for Pervasive Computing Environments

Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. Excessive use of context information is one of the main characteristics of PCEs. Therefore, access control models designed for PCEs should be able to use accessible context information in their access decision process. However, it is not applicable to gather all context information completely and accurately all the time. Thus, a context-aware access control model must be able to deal with imperfect context information, which makes it a non-monotonic system, where the inferred access decision might change by more complete context information. In addition, due to the diversity and heterogeneity of resources and users and their security requirements in PCEs, a high expressive policy specification language is needed. Using a non-monotonic logic as a policy specification language provides a platform for handling incomplete context information as well as other non-monotonic security requirements including exception and default policies. This paper proposes a Semantic-Aware Role-Based Access Control (SARBAC) model which satisfies the aforementioned requirements using MKNF+, which is a combination of Description Logic (DL) and Answer Set Programming (ASP). Along with the use of DL to define an ontology for access control elements and context information; MKNF+ rules are used to define context-aware role activation and permission assignment policies. The proposed model inherits the advantages of ontological representation of access control elements and context information (such as interoperability among systems) as well as the ASP advantages in non-monotonic reasoning through the closed-world principle and negation-as-failure. The expressive power of the proposed model is demonstrated through a case study in this paper.