Intelligent Role-Based Access Control Model and Framework Using Semantic Business Roles in Multi-Domain Environments

摘要

Today & x2019;s rapidly developing communication technologies and dynamic collaborative business models made the security of data and resources more crucial than ever especially in multi-domain environments like Cloud and Cyber-Physical Systems (CPS). It enforced the research community to develop enhanced access control techniques and models for resources across multi-domain distributed environments so that the security requirements of all participating organizations can be fulfilled through considering dynamicity of changing environments and versatility of access control policies. The popularity of Role-Based Access Control (RBAC) model is irrefutable because of low administrative overhead and large-scale implementation in business organizations. However, it does not incorporate the dynamically changing policies and lacks semantically meaningful business roles which could have a diverse impact upon access decisions in multi-domain business environments. This paper describes our proposed novel access control framework that uses semantic business roles and intelligent agents through implementation of our Intelligent RBAC (I-RBAC) model. It encompasses occupational entitlements as roles for multiple domains. We use the dataset of original occupational roles provided by Standard Occupational Classification (SOC), USA. The novelty of the paper lies in developing a core I-RBAC ontology using real-world semantic business roles and intelligent agent technologies together for achieving required level of access control in highly dynamic multi-domain environment. The intelligent agents use WordNet and bidirectional LSTM deep neural network for automated population of organizational ontology from unstructured text policies. This dynamically learned organizational ontology is further matched with our core I-RBAC ontology in order to extract unified semantic business roles. The proposed I-RBAC model is mathematically described and the overall I-RBAC framework and its implementation architecture is explained. At the end, the I-RBAC model is validated through the implementation results that show a linear runtime trend of the model in presence of a large number of permission assignments and multiple queries.