Representation of Multiple Domain Role Based ...

Representation of Multiple Domain Role Based Access Control Using FCA S. Chandra Mouliswaran

Ch. Aswani Kumar

C. Chandrasekar

School of Information Technologyand Engineering School of Information Technology and Engineering Department of Computer Science Periyar University VIT University VIT University Vellore, India Vellore, India Salem, India

[email protected]

[email protected]

Abstract-There are various security policy models available to deal with the challenges in multiple domain networks. Applying role based access control (RBAC) is one the widely accepted and currently

deployed

access

control

model

in multiple

domain

environments to support mobility constraints of users between domains, inter domain services and its access rights. The objective of this paper is representing various access permissions of multiple domain role based access control model using formal concept analysis (FCA) which is one of the widely used mathematical frameworks for knowledge representation and conceptual analysis. To succeed this objective, we deduce a dyadic formal context from the quadratic security context of inter domain role based access control model. We present the implementation of inter domain role based access control security policy with service access matrix and permission assignment relation. The analysis proves that it is possible to simplify the complex quadratic inter domain security context into simple dyadic context and apply it in the multiple domain networks.

Keywords - access control;concept lattice;/ormal concept analysis; multiple domain networks; quadratic context; role based access control.

I.

INTRODUCTION

At present, several organisations are established with multiple administrative domains and their users expect the extended flexibility to move around these domains. To enjoy this flexibility and freedom, users require to get connected with different administrative domains and access various resources. In providing access permissions to these users who move across the domains, there are different access control security policies available to restrict the unauthorized access of information among these domain networks. The security policies define the various access rights to the individual users depends upon their access level in the organisation. Among the various access control models available in the literature, access control matrix first introduced by B.Lampson is the fundamental model for various access control models such asdiscretionary access control model, mandatory access control model, lattice based access control model and role based access control model [1]. The comprehensive discussion on various access control models and their security policies are available in [2]. 978-1-4799-608S-9/1S/$31.00©201S IEEE

[email protected]

In the eXlstmg access control models, RBAC provides a potential way to reduce the complexity and the possibilities of errors in assigning the access permissions to users at various levels in the administrative domains [3]. Among the various security policies and access control models in dealing with users in multiple domain networks, formal policy model for mobility with role based access control (FPM-RBAC) introduced by Unal and Cagalyan [4] has created its attraction in solving the major issues such as mobility and location constraints, inter-domain services, inter-domain access rights and separation of duty. The objective of this paper is representing various access permissions of multiple domain role based access control model using formal concept analysis. The literature proves that concept lattices formulate the security policies and access controls with its mathematical properties [5].The lattices formalized for various access control models are currently available [6]. Recently, lattice theory has created its attraction along with formal concept analysis (FCA). The three important feature of FCA are discovery of formal concepts, attribute implications and concept lattices.Obiedkov et al [7] have described an interactive way to build lattices for access control models with the support of attribute exploration process of FCA. Dau and Knechtel [8] have formalized the triadic context for RBAC and further deduced the dyadic context. Suyun et al [9] have proposed an access control model for dynamic policies using formal concept analysis and constructed a concept lattice which classifies dynamic concepts effectively. Motivated by the contributions of Obiedkov et al [7], Dau and Knechtel [8] and Suyun et al [9], we propose to represent role based access control in multiple domain networks using formal concept analysis.Extending upon the access permissions comprised in the FPM-RBAC model introduced by Unal and Caglayan [4], we design the formal context for role based access control in multiple domain networks. The lattice structure achieved from this formal context is able to represent the access permissions of role based access control in multiple domain networks. Section II presents the brief background of role based access control in multiple domain networks and its related work. The terms and concepts of FCA are mentioned in Section-III. We propose representing role based access control for multiple domain networks using formal

concept analysis in section IV. We demonstrate and discuss our experimental results in section V. II.

BACKGROUND

The existing access control policies, models and mechanisms are available in [10]. Romuald and Stephane [11] have proposed a conceptual graph formalism to deal with role hierarchy and constraints in RBAC. Smaria et al [12] has extended attribute based access control model with trust and privacy for the domain of distributed multiple organisation crisis management system. Khun et al [13] have introduced an approach to combine the features of RBAC and attribute based system to provide a better access control for distributed and dynamic applications. Zhou et al [14] have introduced a role based encryption scheme for cryptographic admin model to manage and enforce access policies for cryptographic RBAC schemes. Changdaet al [15] have proposed a method to indicate how multilevel security can be introduced into adhoc networks. Zou et al [16] has proposed multi-grained constraints on the RBAC model in multi­ application environment. There is an integer programming based approach to resolve the conflicts in the principles of secure inter­ operation of RBAC models introduced by Shafiq et al [17]. Nathalie et al [18] has proposed a role based framework to enable secure inter operation among multiple domains with temporal and separation of duty constraints. A formal security policy model for multi-domain mobile network has been proposed by Unal et al [4] deals with location and mobility constraints, role hierarchy mapping, inter domain access right, inter domain services and separation of duty.Jung andJoshi [19] have discussed a community centric access control model for the community of online social network. Hongxin et al [20] has described a methodology to secure the shared data available with multiple users in online social networks. Chang et al [21] has proposed ontology based access control model (Onto-ACM) for security reasoning in cloud environment. Aswani Kumar [22] has proved that it is possible to design role hierarchy of RBAC using formal concept analysis. Extending upon this works, recently FCA has been used to model Chinese wall security policy [23]. Chen et al [24] have discussed how FCA can be used to capture RBAC constraints in dynamic computer environment. Suyun et al [9] have proposed an access control model for dynamic policies and constructed a formal classification concept lattice with the support of FCA. Scibor and Bartosz [25] have demonstrated the usage of FCA to obtain the role hierarchy for RBAC from existing access control matrix.Sellami et al [26]have proposed a formal concept analysis based approach for secure data integration with the support of global policy generation and global schema. A. Inter Domain Security Policy Model

The concept of inter domain security policy model arises in the multiple domain network environment. It provides security services to the users to access multiple administrative domains

and use the various resources inside these domains. This model contains the various interconnected administrative domains and theirhosts, objects and users. It provides the security services to the internal and external users of the above environment. Role based access control model [27] is the widely accepted access control model for the single domain security policy model. The inter domain access control model is one of the role based access control model which has the specifications to provides the security services to the users in multiple domain mobile network[4]. For the better understanding of this model, some of the terminologies which are commonly used in this paper are discussed here. The security agreement between the participating administrative domains are calIed as the inter domain security policy [4]. This model involved three conceptual domains namely home domain, foreign domain and inter domain [4]. The administrative domain which delivers services to other domain is called as Home domain [4]. The inter domain roles provides the inter domain services toforeign domain [4]. Inter domain policy defines the rules for foreign user to access the home domain objects through inter domain roles. This inter domain policy [4] is defined by a set of terms such as inter domain roles, inter domain data resources, inter domain access permissions and the constraints on location of user. The services associated with inter domain resources and actions within the set of domain areknown as inter domain services [4]. The set of inter domain roles provide the inter domain services. The assignment of inter domain roles to inter domain services is known as inter domain service assignment matrix [4]. Similarly, the assignment of inter domain roles to inter domain permissions is known as inter domain permission assignment matrix [4]. The service session defines the relation among the inter domain user, inter domain roles and inter domain services. The complete description of this model is available in [4]. III.

FORMAL CONCEPT ANALYSIS

Formal ConceptAnalysis is a mathematical theory which has been introduced by Rudolf Wille in early 1980's at Darmstadt[28]. The formal context is a table which contains a set of objects as rows, a set of attributes as columns and the relation between them as entries in the table. It is the concept of formalizing concepts. It derives the concept hierarchy based on the input dataset. The formal concept of the context is an ordered pair which contains the intent and extent. The intent is the subset of all attributes in the context. Similarly, the extent is the subset of all objects in the context. FCA is one of the conceptual clustering methods which clusters objects and attributes simultaneously. The clustered concepts are organised into conceptual lattices and these lattices visualize the relationship among the concepts.An analytical study on comparison of various formal concept extraction algorithms has been presented [29]. There are several methods and techniques are also available to investigate and attend the practical problems ofFCA in field of knowledge processing and information retrieval [30, 31]. In

applications side, formal concept analysis is extensively used in the field of data mining such as rule mining and clustering [32, 33, 34]. FCA has been successfully applied in the field of modelling various access controls [3S]. There are several sophisticated software tools available to implement FCA techniques such as concept generation, attribute implication, attribute exploration and association rule [36]. IV.

MUL TIPLE DOMAIN ROLE BASED ACCESS CONTROL USING FORMAL CONCEPT ANALYSIS

In access control table, subject and object are shown in rows and columns respectively. The access permissions between the subjects and objects are fixed as the elements of the matrix. Normally, there are two access permission matrices exist in the inter domain supported and role based access control enabled multiple domain networks namely service assignment matrix (SAM) and permission assignment matrix (PAM). The SAM assign the various inter domain roles into inter domain services identified in the multiple domain networks. This relation will become as the two dimensional table and the same formalizes itself as the dyadic context as likea sample shown in Table-I with Rl to RS as inter domain roles and SI to SS as inter domain serVices.

The permission assignment matrixcontains the four components. The four components are the set of roles involved in inter domain, set of resources of various inter domains or services as data resources, the actions on these inter domain data resources as access permissions and the domain constraints on accessing the various inter domain service resources available in different domains as conditions. Considering the above 4 components in inter domain PAM, the relationship among these four components is formalized as the quadratic context. The sample quadratic context for the inter domain PAM is shown in Table-II. To process the complex matrix and comfortably visualize the relationship among these components, the dyadic context of the same is derived from the complex quadratic context. Our objective is to model access permissions of inter domain security policy of the multiple domain networks using FCA. To derive the dyadic context, consider the set of inter domain roles as the formal objects and the cross product of the set of inter domain data resources, set of access permissions on these data resources and the domain or service constraints as the attributes. TABLEI.

A SAMPLE DYADIC CONTEXT OF INTER DOMAIN

SERVICE AsSIGNMENT MA TRlX (SAM)

The procedure to deduce the proposed dyadic formal context using FCA is described below. 1.

2. Arrange those components in step-l as the four dimensional matrix or quadratic context as likea sample context shown in Table-II. In this table, roles are named as Rl to RS. Similarly, the other components are named in a sequential way and get fixed into this table as shown in Table-II. 3. From the components arran ged in the four dimensional matrix or quadratic matrix, formalize a quadratic formal context of the formKR.D,P,C (R,D, P, C, I) where I is the quadratic relation between R, D, P and C. =

4. Deduce the different dyadic formal contexts from the quadratic formal context formalized in step-3. Here, one among the four sets R,D, P and C is fixed as objects and the other three sets cross product is fixed as attributes. Totally, we deduce twelve different dyadic contexts. It includes KR.(DxPxC), KD,(RxPxC), Kp,(RxDxC) and KC,(RxDxP)' Here, the formal context KR.(DxPxC) (R,D, P, C, I) with R.(DxPxC) (R, (DxPxC)) € I ¢:> (R, C,D, P) € I. This formal context is preferred for PAM. =

S.

Construct the concept lattice structure from the formal context derived in step-4. Here, the inter domain roles are fixed into various levels of the lattice depends on their access permissions.

6.

The resultant lattice structure visualizes the PAM permissions with the easy appearance. This helps to make the various compansons among these components.

The next section demonstrate the derivation of dyadic contexts and lattices from the inter domain context described in a joint project scenario in [4]. TABLE II.

Cl DlPl Rl R2

R4

Rl R2 R3

R4 RS

S2 x x

S3

x

x

S4 x

SS

x

x

x x x

A SAMPLE QUADRATIC CONTEXT OF INTER DOMAIN PERMISSION ASSIGNMENT MATRIX (PAM)

R3

SI x

IdentifY the inter domain roles (R), inter domain data resources (D), access permissions (P) of inter domain data resources and the domain or service constraints (C).

R:i

DIP2

C2 DlPl

DlP2

DlPl

DlP2

C3 D4Pl

D4P2

lliPl

lliP2

D6Pl

D6P2

V.

EXPERIMENTAL RESULTS

To demonstrate our proposed work, we consider the example scenario described in [4]. In this joint research project scenario, there are 3 distinct administrative domains such as University, Hospital and Corporate and two different services namely joint project service(JPS) and patient health record service (PHRS). There are five inter domain roles such as Research project manager (ResPrjMgr), Research group manager (ResGrpMgr), System administrator (SysAdmin), Researcher and Supervisor. The data resources of inter domain services are web application ofJPS (WAP), project work file of the same project (PWF) and the database of patient health record (PHR). The access permission of this scenario includes enrol, login, create, read, write, execute, send, receive, manage, delete and logout.Depends upon the data resource at various services of different inter domains, these access permission are applicable.

QUADRATIC FORMAL CONTEXT OF PERMISSION ASSIGNMENTMATRIX - PART-2

TABLE V. lot ...

Pat i e n t Healtb Record Service (PHRS)

Domain Roles

Create-PHR

RmdPHR

Write-PHR

SeodPHR

Receiv ePHR

DeletePHR

ResGrpMgr SysAdmin Researcber Supen,-isor

1 Patient Health Record Service 1

Joint Project Service , ,

1 SysAdmin 11 ReSprJMgr 1

, ,

I

By considering the service constraints or domain condition as C, the data resources of the different domains as D, the inter domain roles as R and the access permission as P, formalize the service assignment matrix as dyadic context as shown in Table­ III and the permission assignment matrix as quadratic context of the above described joint project scenario as shown in Table-IV and Table-V.Since, the SAM already formalizes itself as dyadic context, we deduceits equivalent lattice structure directly with the support of ConExp tool as shown in Fig.I . From the quadratic context in Table-IV and Table-V, deduce the dyadic formal context KR,(DxPxC) (R, (DxPxC)) and this context can be implemented with the support of ConExp tool as shown in Table-VI and Table-VII. In terms of formal context analysis (FCA) terms, we consider R as the objects and the cross product ofD, P and C i.e. (DxPxC) as attributes.

:ManagePHR

ResPriMgr

1 s�pervisor 1

1 ResGrpMgr 1 1 Researcher 1 Fig. 1

Latticestructureof Inter Domain Service Assignment Matrix

=

DYADIC FORMAL CONTEXT OF PERMISSION ASSIGNMENT MATRIX - PART-l

TABLEVI.

Inter Domaia

TABLE lIi.

DYADIC FORMAL CONTEXT OF SERVICE ASSIGNMENT MATRIX

Inter Domain Roles

JPS-

JPS-

JPS-

JPS.

JPS-

JPS-

JPS-

JPS-

JPS-

JPS-

JPS­

Login-

'Read-

Write-

Execute-

!\lallage-

Logout-

Create-

Read-

Write-

Mallage-

IVAI'

IVAI'

IVAI'

IVAI'

WAP

IVAI'

IVAI'

PWF

PIVF

PWF

PWF

Delete­ PIVF

ResPrj Mgr ResGrpl\lg r

Joint Project Service (JPS)

ResPrjMgr

x

ResGrp:.M: gr

x

SysAdmin

x

Researcher

x

Patient Health Record Service(PHRS)

SysAdmill Researcher Super,;sor

x

DYADIC FORMAL CONTEXT OF PERMISSION ASSIGNMENT MATRIX - PART-2

TABLEVII.

x

Supervisor TABLE IV.

Rol.

JPS[nroU-

x

QUADRATIC FORMAL CONTEXT OF PERMISSION

ASSIGNMENT MATRIX -PART-l

Inter

PHRS-

PHRS-

PHRS-

PHRS-

PHRS-

PHRS-

PHRS-

Domain

C r eate-

R",d-

W ri te-

Seod-

Rece v e-

jUanage-

Delete-

PHR

PHR

PHR

PHR

PHR

PHR

PHR

Role ResPrjl\fgr

III� J)oID.aiD RolfS JUsprj:\la:r

ResGrpMgr

Joi DIProjf(tSen''-:e (JPS) [lroD. WAF

LoJill. t,..ad· Writflo [!fotale. WAP WAF WAP WAP

lbil.li,e. loto.to C,,..III . Rnd. Write. WAF WAP PWF pwr pwr

�bute. I)f"el&P\\T PWF

x

x

Sys..:\dm in Researcher Supervisor

�rp:\lIr SrsAd lDlI Rese.ar(hr Sipenl50r

Any entry into this formal context shows grant permission and if there is no entry in the context, it denies the corresponding access permission on the concerned data resource.

The context in Table-VI and Table-VII shows the different access permissions attained by various inter domain roles. Using the Concept Explorer tool i.e. ConExp, we generate 12 different concepts which arelisted in Table-VIIIand the corresponding lattice structureshown inFig 2.

CONTEXT

The resultant lattice structure visualizes the permissions of PAM with different roles in various levels of the lattice.Here, the Research Project Manager (ResPrjMgr) role or object is associated with JPS-Login-WAP, JPS-Read-WAP, JPS-Execute­ WAP, JPS-Logout-WAP, JPS-Create-PWF, JPS-Read-PWF, JPS­ Write-PWF, JPS-Manage-PWFand JPS-Delete-PWF permissions or attributes. Supervisor role is associated with PHRS-Create­ PHR, PHRS-Read-PHR, PHRS-Write-PHR and PHRS-Delete­ PHR. Similarly, the other roles such as Research Group Manager (ResGrpMgr), Researcher and SysAdmin roles are associated with its own attributes or access permissions as like visualized in the Fig2. It gives the clear picture of various inter domain roles and different inter domain access permissions of various inter domain data resources with its services. Inter domain role hierarchy is also visualized from this PAM lattice structure in Fig 2. However, the complete mapping of access permission of inter domain data resources to all inter domain roles brings the inter domain role hierarchy in clear and concrete shape in the derived lattice. Here, every domain user is associated with anyone inter domain role to get the data resources of multiple domain. The session identity numbers or session id is created for the communication sessions by the user. These session numbers are unique and statically bounded to a certain domain. If, the user shifts their data access from one domain access to other domain, it closes the old session id and it generates a new session id. In this way, domain constraints on dynamic domain aspects are managed. However, separation of duty under inter domain security policy is not under the scope of this paper.

So, using formal concept analysis for the classification of separation of duty in inter domain and in various individual domain rolesis left for the future work. VI.

Fig. 2

Latticestructure of inter Domain Permission Assignment Matrix

TABLE VIII.

LIST OF CONCE PTS GENERATED FROM THE FORMAL

CONCLUSIONS

In this paper, we propose a method to represent multiple domain role based access control using FCA. To accomplish this work, we consider the joint research project scenario of inter domain security policy described by Unal [4] and we represent the various access permission of inter domain security policy described in the above scenario such as service assignment matrix and permission assignment matrix as the quadratic context.To visualize the formal concepts and understand the access permissions of various inter domain roles, the original quadratic context is transformed into the dyadic context and the equivalent lattice structure is built.The resultant formal contexts and lattices helps to classify the access permissions of individual inter domain roles under various domain service resources.!t illustrated that it is possible to represent access permissions of role based access control for multiple domain network using FCA.

As discussed, separation of duty under inter domain security policy is not under the scope of this paper and it is left for the future work. The classification of separation of duty among the various inter domain roles in cloud based multiple domain networks is also an interesting future work. REFERENCES

[ 1 8] Baracaldo, Nathalie, Amirreza Masoumzadeh, and James Joshi. "A secure, constraint-aware role-based access control interoperation framework." In Network and System Security (NSS), 20II 5th International Conference on, pp. 200-207. IEEE, 20 1 1 . [ 1 9] Jung, Youna, and James B D Joshi. "CPBAC: Property-based access control model for secure cooperation in online social networks." Computers & Security 4 1 , pp. 1 9-39,20 1 4. [20] Hu, Hongxin, Gail-Joon Ahn, and Jan Jorgensen. "Multiparty access control for online social networks: model and mechanisms." Knowledge and Data Engineering, IEEE Transactions on 25, no. 7 pp. 1 6 1 4- 1 627, 20 1 3.

[I]

B.Lampson. "Protection", in Proceedings of the 5th Annual Princeton Conference on Information Sciences and Systems, pp. 437-443, 1 97 1 .

[2]

F P. Samarati, S. De Capitani di Vimercati, "Access Control: Policies, Models and Mechanisms" in Foundations of Security Analysis and Design, R. Focardi, R. Gorrieri (eds.),Springer-Verlag, 200I.

[3]

Ravi S. Sandhu, "Role Hierarchies and Constraints for Lattice-Based Access Controls" in Proceedings of European Symposium on Research in Computer Security, pp. 65-79, 1 996.

[4]

D.Unal, M.U.Caglayan, " A formal role-based access control model for security policies in multi-domain mobile networks",Computer Networks vol. 57 pp. 330-350,20 1 3.

[5]

Denning DE, "A lattice model of secure information Communication of the ACM, vol. 1 9(5), pp.236-243, 1 976.

flow",

[23] S.Chandra Mouliswaran, Ch.Aswani Kumar and C.Chandrasekar, "Modeling Chinese Wall Access Control Using Formal Concept Analysis", International Conference on Contemporary Computing and Informatics (IC3I), IEEE - 978-1 -4799-6629-5/ 1 4,pp. 8 1 1 -8 1 6,20 1 4.

[6]

Crampton J.Loizou G., "Authorization and antichains", ACM SIGOPS Operating Systems Review 35(3), pp.6- 1 5,200l.

[24] Chen, Bo, Jia Di Qiu, and Ming Ming Chen. "Designing Access Control Policy Using Formal Concept Analysis." In Applied Mechanics and Materials,vol. 602,pp. 3822-3825. 20 1 4.

[7]

Sergei A. Obiedkov, Derrick G. Kourie and Jan H. P. Eloff, "Building access control models with attribute exploration" Computers & Security, vol. 28,issue 1 -2, pp. 2-7,2009.

[25] Sobieski,Scibor,and Bartosz Zielinski. "Modelling role hierarchy structure using the Formal Concept Analysis." In Annales UMCS, Informatica, vol. 1 0,no. 2, pp. 1 43- 1 59. Versita,201 0.

[8]

Frithjof Dau and Martin Knechtel, "Access Policy Design Supported by FCA Methods", in Proceedings of 1 7th International Conference on Conceptual Structures, pp. 1 4 1 - 1 54,2009.

[9]

Jiao, Suyun, Yanheng Liu, Haiyan Hu, Da Wei, and Yanzhi Zhang. "Dynamic policy access model based on formal concept analysis." Wireless Communications, Networking and Mobile Computing WiCOM'08. 4th International Conference on, pp. 1 -5. IEEE, 2008.

[26] Sellami,Mokhtar,Mohamed Mohsen Gammoudi, and Mohand Said Hacid. "Secure Data Integration: A Formal Concept Analysis Based Approach." In Database and Expert Systems Applications, pp. 326-333. Springer International Publishing,20 1 4.

[ 1 0] Ross J. Anderson, Frank Stajano, Jong-Hyeon Lee, "Security Policies", Adavances in computers,vol. 55,pp. 1 85-235,200l. [ 1 1 ] Thion, Romuald, and Stephane Coulondre. "Representation and reasoning on role-based access control policies with conceptual graphs." In Conceptual Structures: Inspiration and Application, Springer Berlin Heidelberg, pp. 427-440,2006. [ 1 2] Smari, Waleed W., Patrice Clemente, and Jean-Francois Lalande. "An extended attribute based access control model with trust and privacy: Application to a collaborative crisis management system." Future Generation Computer Systems vol. 31 pp. 1 47- 1 68,20 1 4. [ 1 3] Kuhn, D. Richard, Edward J. Coyne, and Timothy R. Weil. "Adding attributes to role-based access control." Computer 43, vol. 6 pp.79-8 1 , 20 1 0. [ 1 4] Zhou, Lan, Vijay Varadharajan, and Michael Hitchens. "Secure administration of cryptographic role-based access control for large-scale cloud storage systems." Journal of Computer and System Sciences, vo1.80, issue. 3, pp. 1 5 1 8- 1 533,20 1 4. [ 1 5] Changda, Wang, and Ju Shiquang. "Multilevel security model for ad hoc networks." Systems Engineering and Electronics, Journal of 1 9, no. 2 pp.391 -397,2008. [ 1 6] Zou, Deqing, Ligang He, Hai Jin, and Xueguang Chen. "CRBAC: Imposing multi-grained constraints on the RBAC model in the multi­ application environment." Journal of Network and Computer Applications 32,no. 2 pp.402-4 1 1 ,2009. [ 1 7] Shafiq, Basit, James BD Joshi, Elisa Bertino, and Arif Ghafoor. "Secure interoperation in a multidomain environment employing RBAC policies." Knowledge and Data Engineering, IEEE Transactions on 1 7, no. II pp. 1 557-1 577,2005.

[2 1 ] Chang Choi, Junho Choi and PanKoo Kim, "Ontology-based access control model for security policy reasoning in cloud computing", The Journal of Supercomputing vol. 67(3) pp. 7 1 1 -722,20 1 4. [22] Ch. Aswani Kumar "Designing role-based access control using formal concept analysis", Security and Communication Networks, vol. 6, issue 3, pp. 373-383,March,20 1 3.

[27] Ferraiolo DF,Sandhu R, Gavrila S., Kuhn DR, Chandramouli R., proposed NIST standard for role based access control. ACM Transactions on Information and System Security, vol. 4(3), pp.224-274,200l. [28] Wille, R., "Restructuring Lattice Theory: An Approach based on Hierarchies of Concepts", reprint in: Proceedings of the 7th International Conference on Formal Concept Analysis, Springer-Verlag Berlin/Heidelberg, pp. 3 1 4-339,2009. [29] Ch. Aswani Kumar and Prem Kumar Singh,"Knowledge Representation Using Formal Concept Analysis: A study on Concept Generation", Global Trends in Intelligent Computing Research and Development, chapter 1 1 , 20 1 4. [30] Ch, Aswani Kumar, Sergio M. Dias, and Newton J. Vieira. "Knowledge reduction in formal contexts using non-negative matrix factorization." Mathematics and Computers in Simulation 1 09, pp.46-63,20 1 5. [3 1 ] Ch. Aswani Kumar and S.Srinivas "Concept lattice reduction using fuzzy k means clustering", Expert Systems with Applications, vol. 37, issue 3, pp. 2696-2704,March 201 0. [32] Ch. Aswani Kumar, "Fuzzy clustering based formal concept analysis for association rules mining",Applied Artificial Intelligence,vol. 26, issue 3, pp. 274-30 1 ,20 1 2. [33] Aswani Kumar Ch., "Mining Association Rules Using Non-Negative Matrix Factorization and Formal Concept Analysis", ICIP, Communications in Computer and Information Science, vol. 1 57, pp.3 1 39,20 1 l. [34] Jinhai Li, Changlin Mei, Cherukuri Aswani Kumar and Xiao Zhang, "On rule acquisition in decision formal contexts", International Journal of Machine Learning and Cybernetics,vol. 4, pp. 72 1 -73 1 ,20 1 3. [35] Frithjof Dau and Martin Knechtel, "Access Policy Design Supported by FCA Methods", ICCS 2009,pp. 1 4 1 - 1 54,2009. [36] http://conexp.sourceforge.net.