查看文章

In the organization based access control (ORBAC) model, to express security policy, it is necessary to make possible the system know which are the privileges of each user. The definition of permission should not be static, but it must depend on the requirement of the system, rules should be dynamic, depending on the context. Context is used to specify the concrete circumstances where user is given role permissions to perform activities on views. Formalization of ORBAC in a logical approach makes it feasible to reason about a specified policy and verifies its correctness. We propose a formal modelisation of ORBAC by the description logic language with default and exception AL _deltaepsiv . We show how exception in information system security can be captured by AL _deltaepsiv . We illustrate this approach by an example of a medical information system.