Elisa Bertino
Piero Andrea Bonatti
ABSTRACT
Role-based access control (RBAC) models are receiving increasing attention as a generalized approach to access control. Roles can be active at certain time periods and non active at others; moreover, there can be activation dependencies among roles. To tackle such dynamic aspects, we introduce Temporal-RBAC (TRBAC), an extensions of the RBAC model. TRBAC supports both periodic activations and deactivations of roles, and temporal dependencies among such actions, expressed by means of role triggers, whose actions may be either executed immediately, or be deferred by an explicity specified amount of time. Both triggers and periodic activations/deactivations may have a priority associated with them, in order to resolve conflicting actions. A formal semantics for the specification language is provided, and a polynomial safeness check is introduced to reject ambiguous or inconsistent specifications. Finally, an implementation architecture is outlined.
- 1.E. Bertino, C. Bettini, E. Ferrari, P. Samarati. An Access Control Model Supporting Periodicity Constraints and Temporal reasoning. ACM Transactions on Database systems, 23(3):231-285, September 1998. Google Scholar
Digital Library
- 2.T. H. Cormen, C.E.Leiserson, R.L.Rivest. Introduction to Algorithms. MIT Press, 1990. Google ScholarDigital Library
- 3.T. Jaeger, A. Prakash, J. Liedtke, and N. Islam. Flexible Control of Downloaded Executable Content. ACM Transactions on Information and System Security, 2(2):177-228, 1999. Google ScholarDigital Library
- 4.D. Jonscher, J. Moffet, and K. Dittrich. Complex Subjects or: the striving for Complexity is Ruling our World. In Database Security VII: Status and Prospects, pages 19-37, North Holland, 1994. Google ScholarDigital Library
- 5.M. Niezette and J. Stevenne. An efficient symbolic representation of periodic time. In Proc. First International Conference on Information and Knowledge Management, 1992.Google Scholar
- 6.M. Nyanchama and S. Osborn. Role-based Security, Object Oriented Databases & Separation of Duty. Sigmod Record, 1993. Google ScholarDigital Library
- 7.Proc. of the Second ACM Workshop on Role-Based Access Control, Fairfax (VA), 1997.Google Scholar
- 8.Proc. of the Third ACM Workshop on Role-Based Access Control, Fairfax (VA), 1998.Google Scholar
- 9.Proc. of the Fourth ACM Workshop on Role-Based Access Control, Fairfax (VA), 1999.Google Scholar
- 10.R. Sandhu. Separation of Duties in Computerized Information Systems. In Database Security IV: Status and Prospects, pages 179-189. North Holland, 1991.Google Scholar
- 11.R. Sandhu. Role Hierarchies and Constraints for Lattice-based access Controls. In E. Bertino, H. Kurth, G. Martella, and E. Montolivo Eds., Computer Security - Esorics'96, LNCS N. 1146, Rome, Italy, 1996, pages 65-79. Google ScholarDigital Library
- 12.R. Sandhu. Role-based Access Control. Advances in Computers, vol. 46, Academic Press, 1998.Google Scholar
Index Terms
- TRBAC: a temporal role-based access control model
Recommendations
TRBAC: A temporal role-based access control model
Role-based access control (RBAC) models are receiving increasing attention as a generalized approach to access control. Roles may be available to users at certain time periods, and unavailable at others. Moreover, there can be temporal dependencies ...
Configuring role-based access control to enforce mandatory and discretionary access control policies
Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...
TRBAC: A Temporal Authorization Model
MMM-ACNS '01: Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network SecurityWe show how the family of temporal role-based access control (TRBAC) models from [6], the TRBACO models, may be equivalently represented in a considerably simpler and more efficiently implemented way. We call the latter the TRBACN models. To specify ...
Comments