|
Step 1
|
Event Interception
|
\(e_1=\langle s_1, o_1, R, t_1\rangle ,\ e_2= \langle s_1, o_2, W, t_2 \rangle ,\ e_3= \langle s_2,o_2, R, t_3 \rangle\)
|
|
Step 2
|
Event Normalization
|
Using OWL-DL to define the events and initiate the me and ma.
|
|
Memory/Manipulation Storage (MStore)
|
\(me(s_1)=\{o_1\}\), \(ma(s_1)=\{o_2\}\), \(me(s_2)=\{o_2\}\), \(ma(s_2)=\varnothing\)
|
|
Step 3
|
Individual Storage
|
\(Event(e_1), Subject(q_1), Object(o_1), ...\)
|
|
System Ontology (TBox)
|
\(\sqsubseteq , \ partOf,\ parentOf\), .
|
|
Relation Rules (RBox)
|
\((time(e_i)< time(e_j) \wedge object(e_i)=object(e_j) \wedge action(e_i)=W\) \(\wedge action(e_j)=R ) \Longrightarrow e_i \overset{tewr}{\sim } e_j\)
|
|
Inference Engine
|
\(e_2 \overset{tewr}{\sim } e_3\)
|
|
Step 4
|
ABox and MStore
|
\(e_2 \overset{tewr}{\sim } e_3, me(s_1)=\{o_1\}, ma(s_1)=\{o_2\}, me(s_2)=\{o_2\},ma(s_2)=\varnothing\)
|
|
System Ontology (TBox)
|
\(\sqsubseteq , \ partOf,\ parentOf\), .
|
|
Indirect Access Rules (RBox)
|
\(\forall e_i,e_j, ( Event(e_i) \wedge Event(e_j) \wedge e_i \overset{tewr}{\sim } e_j \Rightarrow me(subject(e_j))=\) \(me(subject(e_j)) \cup me(subject(e_i)) )\)
|
|
Inference Engine
|
\(\varvec{ me(s_2)=me(s_2) \cup me(s_1)}\)
|
|
Step 5
|
Memory/Manipulation Storage (MStore)
|
\(me(s_1)=\{o_1\},\ ma(s_1)=\{o_2\},me(s_2)=\{o_2\} \cup \varvec{\{o_1\}}\)
|
|
Security Policy Store (PStore)
|
\(o_1 \notin me(s_2)\)
|
|
Policy Checker
|
Alert
|
