DLδε-OrBAC: Context based Access Control

Narhimene Boustia, Aicha Mokhtari



The final objective of an access control model is to provide a framework to decide if an action performed by subjects on objects is permitted or not. It is not convenient to directly specify an access control policy using concepts of subjects, objects and actions. In OrBAC (Organization Based Access Control), we can not only express static authorizations but also dynamic authorizations, depending on context. Formally, OrBAC is described in first order logic, where the context is one of the argument of predicate. We propose a new formalism based on description logic with defaults and exceptions (F. Coupey and C. Fouqueré) to describe and reason on OrBAC model. This paper is an enrichment of a previous work (N. Boustia and A. Mokhtari) with the introducing of an exception operator (?). This formalism covers not only concepts of information systems like users, objects, subjects and roles but also the context by the add of two operators of default (d) and exception (?). Notice that time complexity is still polynomial (F.M. Donini et al.).


  1. F. Coupey and C. Fouqueré. Extending conceptual definitions with default knowledge. Computational Intelligence, Vol 13, Num 2, 1997.
  2. F.M. Donini, M. Lenzerini, D. Nardi, B. Hollunder, W. Nutt and M. Spaccamela. The complexity of existential quantification in concept languages. Artificial Intelligence, 53:309- 327,1992.
  3. B. Lampson. Protection. In 5th Princeton Sympoium on Information Sciences and Systems, March 1971, pp. 437- 443.
  4. D.E. Bell and L.J. LaPadula. Secure computer systems: Unified exposition of multics interpretation. Tech. Rep. ESD-Tr-73-306, The MITRE Corporation, March 1976.
  5. K.J. Biba. Integrity consideration for secure computer systems. Tech. Rep. MTR-3153, The MITRE Corporation, June, 1975.
  6. R. Sandhu, E.J. Coyne, H.L. Feinstein and C.E. Youman. Role based access control models. In IEEE Comuter, Vol. 29, no. 2, pp. 38-47, 1996.
  7. A. Abou El Kalam, R. El Baida, P. Balbiani, S. Benferhat, F. Cuppens, Y. Deswarte, A. Miège, C. Saurel, and G. Trouessin. Organization Based Access Control. In 4th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy'03), Lake Come, Italie, June 2003.
  8. F. Baader, D.L. McGuiness, D. Nardi and P.F. Schneider. The Description logic handbook: Theory, Implementation and Applications. Cambridge university press, 2002.
  9. B. Nebel. Reasoning and revision in hybrid representation systems. In Lecture Note in Computer Science, Springer-Verlag, 1990.
  10. N. Boustia and A. Mokhtari. Representation and reasoning on OrBAC. In The Third International Conference on Availability, Security and Reliability, Barcelona, Spain,2008.
  11. http://www.cs.man.ac.uk/ sattler/reasoners.html

Paper Citation

in Harvard Style

Boustia N. and Mokhtari A. (2009). DLδε-OrBAC: Context based Access Control . In Proceedings of the 7th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2009) ISBN 978-989-8111-91-3, pages 111-118. DOI: 10.5220/0002175801110118

in Bibtex Style

author={Narhimene Boustia and Aicha Mokhtari},
title={DLδε-OrBAC: Context based Access Control},
booktitle={Proceedings of the 7th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2009)},

in EndNote Style

JO - Proceedings of the 7th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2009)
TI - DLδε-OrBAC: Context based Access Control
SN - 978-989-8111-91-3
AU - Boustia N.
AU - Mokhtari A.
PY - 2009
SP - 111
EP - 118
DO - 10.5220/0002175801110118