Access control technology is an important means of protecting enterprise information security, and among all access control technologies, Role-Based Access Control (RBAC) is the most widely used. This article proposes a new method for modeling RBAC: describing the RBAC model through an ontology. Compared with common language frameworks such as XACML and Ponder, an ontology expresses the inheritance and constraint concepts of RBAC more naturally, and offers good extensibility and reasoning capability. Specifically, the article focuses on how the ontology editor Protégé is used to express the subjects, objects, resources and roles of RBAC, together with the inheritance and constraint relationships among them, and uses case studies to demonstrate the usability and soundness of the resulting model.
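As an added illustration of the two features the abstract attributes to an ontology-based RBAC model (role inheritance and constraints, resolved by reasoning), the following Python example is not the paper's model or Protégé output; it stands in a tiny in-memory triple store for the OWL ontology and hand-rolls the two inferences a reasoner would make: transitive inheritance of permissions along a role hierarchy, and a static separation-of-duty check before assigning a role. All role, permission and user names, and the predicate names `seniorRoleOf`, `hasPermission`, `excludes` and `hasRole`, are constructed for this example.

```python
# Constructed RBAC "ontology" as subject-predicate-object triples.
# Assumption: a plain list stands in for an OWL graph; seniorRoleOf is
# treated as transitive and excludes as symmetric, as an OWL reasoner would.
TRIPLES = [
    ("Auditor", "seniorRoleOf", "Employee"),      # role hierarchy
    ("Manager", "seniorRoleOf", "Employee"),
    ("Director", "seniorRoleOf", "Manager"),
    ("Employee", "hasPermission", "read:Ledger"),
    ("Manager", "hasPermission", "write:Ledger"),
    ("Auditor", "hasPermission", "approve:Ledger"),
    ("Director", "hasPermission", "sign:Budget"),
    ("Auditor", "excludes", "Manager"),           # static separation of duty
    ("alice", "hasRole", "Director"),
    ("bob", "hasRole", "Auditor"),
]

def objects(triples, subject, predicate):
    """All objects o such that (subject, predicate, o) is in the graph."""
    return {o for s, p, o in triples if s == subject and p == predicate}

def all_roles(triples, role):
    """Transitive closure of seniorRoleOf: a role plus every junior role it inherits."""
    seen, frontier = set(), {role}
    while frontier:
        r = frontier.pop()
        if r not in seen:
            seen.add(r)
            frontier |= objects(triples, r, "seniorRoleOf")
    return seen

def effective_permissions(triples, user):
    """Permissions granted directly or inherited through the role hierarchy."""
    perms = set()
    for role in objects(triples, user, "hasRole"):
        for r in all_roles(triples, role):
            perms |= objects(triples, r, "hasPermission")
    return perms

def can_assign(triples, user, new_role):
    """Static SoD: refuse new_role if it, or any role it inherits, is mutually
    exclusive with a role the user already holds directly or by inheritance."""
    held = set()
    for role in objects(triples, user, "hasRole"):
        held |= all_roles(triples, role)
    wanted = all_roles(triples, new_role)
    for a in held:
        for b in wanted:
            if b in objects(triples, a, "excludes") or a in objects(triples, b, "excludes"):
                return False
    return True
```

Note that the exclusion is enforced through inherited roles too: a Director cannot be made an Auditor because Director inherits Manager, which Auditor excludes.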