Article

Temporal hierarchies and inheritance semantics for GTRBAC

Authors:

James B D Joshi,

Elisa Bertino,

Arif GhafoorAuthors Info & Claims

SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies

Pages 74 - 83

https://doi.org/10.1145/507711.507724

Published: 03 June 2002 Publication History

Get Access

Abstract

A Generalized Temporal Role Based Access Control (GTRBAC) model that allows specification of a comprehensive set of temporal constraint for access control has recently been proposed. The model constructs allow one to specify various temporal constraints on role, user-role assignments and role-permission assignments. However, Temporal constraints on role enablings and role activations can have various implications on a role hierarchy. In this paper, we present an analysis of the effects of GTRBAC temporal constraints on a role hierarchy and introduce various kinds of temporal hierarchies. In particular, we show that there are certain distinctions that need to be made in permission inheritance and role activation semantics in order to capture all the effects of GTRBAC constraints such as role enablings and role activations on a role hierarchy.

References

[1]

E. Bertino, P. A. Bonatti, and E. Ferrari. Trbac: A temporal role-based access control model. ACM Transactions on Information and System Security, 4(4):65--104, September 2001.

Digital Library

Google Scholar

[2]

E. Bertino, E. Ferrari, and V. Atluri. The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security, 2(1):65--104, September 1999.

Digital Library

Google Scholar

[3]

L. Giuri. Role-based access control: A natural approach. In Proceedings of the 1st ACM Workshop on Role-Based Access Control. ACM, 1997.

Digital Library

Google Scholar

[4]

T. Jaeger and J. E. Tidswell. Practical safety in flexible access control models. ACM Transactions on Information System Security, 4(2):158--190, May 2001.

Digital Library

Google Scholar

[5]

J. B. D. Joshi, E. Bertino, U. Latif, and A. Ghafoor. Generalized temporal role based access control model (GTRBAC) (Part I)- specification and modeling. Technical Report CERIAS TR 2001-47, Purdue University, 2001.

Google Scholar

[6]

J. B. D. Joshi, A. Ghafoor, W. Aref, and E. H. Spafford. Digital government security infrastructure design challenges. IEEE Computer, 34(2):66--72, February 2001.

Digital Library

Google Scholar

[7]

J. D. Moffet and E. C. Lupu. The uses of role hierarchies in access control. In Proceedings of 4th ACM Workshop on Role-Based Access Control, October 1999.

Digital Library

Google Scholar

[8]

M. Nyanchama and S. Osborn. The role graph model and conflict of interest. ACM Transactions on Information and System Security, 2(1):3--33, 1999.

Digital Library

Google Scholar

[9]

S. Osborn, R. Sandhu, and Q. Munawer. Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM Transactions on Information and System Security, 3(2):85--106, May 2000.

Digital Library

Google Scholar

[10]

J. S. Park, R. Sandhu, and G. J. Ahn. Role-based access control on the web. ACM Transactions on Information and System Security, 4(1):37--71, February 2001.

Digital Library

Google Scholar

[11]

R. Sandhu. Role activation hierarchies. In Proceedings of 2rd ACM Workshop on Role-based Access Control, pages 65--79, Fairfax, Virginia, October 22-23 1998.

Digital Library

Google Scholar

[12]

R. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38--47, 1996.

Digital Library

Google Scholar

Cited By

View all

Suganthy APrasanna Venkatesan V(2019)An Introspective Study on Dynamic Role-Centric RBAC Models2019 IEEE International Conference on System, Computation, Automation and Networking (ICSCAN)10.1109/ICSCAN.2019.8878827(1-6)Online publication date: Mar-2019
https://doi.org/10.1109/ICSCAN.2019.8878827
Stoller SBui T(2018)Mining hierarchical temporal roles with multiple metricsJournal of Computer Security10.3233/JCS-1798926:1(121-142)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.3233/JCS-17989
John JSural SGupta A(2017)Attribute‐based access control management for multicloud collaborationConcurrency and Computation: Practice and Experience10.1002/cpe.419929:19Online publication date: 27-Jun-2017
https://doi.org/10.1002/cpe.4199
Show More Cited By

Index Terms

Temporal hierarchies and inheritance semantics for GTRBAC
1. Security and privacy
2. Theory of computation
  1. Theory and algorithms for application domains
    1. Database theory
      1. Theory of database privacy and security

Recommendations

Dependencies and separation of duty constraints in GTRBAC
SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

A Generalized Temporal Role Based Access Control (GTRBAC) model that captures an exhaustive set of temporal constraint needs for access control has recently been proposed. GTRBAC's language constructs allow one to specify various temporal constraints on ...
X-GTRBAC admin: a decentralized administration model for enterprise wide access control
SACMAT '04: Proceedings of the ninth ACM symposium on Access control models and technologies

Access control in enterprises is a key research area in the realm of Computer Security because of the unique needs of the target enterprise. As the enterprise typically has large user and resource pools, administering the access control based on any ...
A Generalized Temporal Role-Based Access Control Model

Role-based access control (RBAC) models have generated a great interest in the security community as a powerful and generalized approach to security management. In many practical scenarios, users may be restricted to assume roles only at predefined time ...

Comments

Information & Contributors

Information

Published In

SACMAT '02: Proceedings of the seventh ACM symposium on Access control models and technologies

June 2002

170 pages

ISBN:1581134967

DOI:10.1145/507711

General Chair:
Ravi Sandhu
George Mason University and SingleSignOn.Net
,
Program Chair:
Elisa Bertino
University of Milano, Italy

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 June 2002

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SACMAT02

Sponsor:

SIGSAC

SACMAT02: 7th ACM Symposium on Access Control Models and Technologies

June 3 - 4, 2002

California, Monterey, USA

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

64
Total Citations
View Citations
835
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)1

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Suganthy APrasanna Venkatesan V(2019)An Introspective Study on Dynamic Role-Centric RBAC Models2019 IEEE International Conference on System, Computation, Automation and Networking (ICSCAN)10.1109/ICSCAN.2019.8878827(1-6)Online publication date: Mar-2019
https://doi.org/10.1109/ICSCAN.2019.8878827
Stoller SBui T(2018)Mining hierarchical temporal roles with multiple metricsJournal of Computer Security10.3233/JCS-1798926:1(121-142)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.3233/JCS-17989
John JSural SGupta A(2017)Attribute‐based access control management for multicloud collaborationConcurrency and Computation: Practice and Experience10.1002/cpe.419929:19Online publication date: 27-Jun-2017
https://doi.org/10.1002/cpe.4199
Ghosh NChatterjee DGhosh SDas S(2016)Securing Loosely-Coupled Collaboration in Cloud Environment through Dynamic Detection and Removal of Access ConflictsIEEE Transactions on Cloud Computing10.1109/TCC.2014.23615274:3(349-362)Online publication date: 1-Jul-2016
https://doi.org/10.1109/TCC.2014.2361527
Ye DMei YShang YZhu JOuyang K(2016)Mobile crowd-sensing context aware based fine-grained access control modeMultimedia Tools and Applications10.1007/s11042-015-2693-375:21(13977-13993)Online publication date: 1-Nov-2016
https://dl.acm.org/doi/10.1007/s11042-015-2693-3
Stoller SBui T(2016)Mining Hierarchical Temporal Roles with Multiple MetricsData and Applications Security and Privacy XXX10.1007/978-3-319-41483-6_6(79-95)Online publication date: 2-Jul-2016
https://doi.org/10.1007/978-3-319-41483-6_6
Tverdyshev SBlasum HRudina EKulagin DDyakin PMoiseev S(2016)Security Architecture and Specification Framework for Safe and Secure Industrial AutomationCritical Information Infrastructures Security10.1007/978-3-319-33331-1_1(3-14)Online publication date: 18-May-2016
https://doi.org/10.1007/978-3-319-33331-1_1
Wei ZDeng RShen JZhu JOuyang KWu Y(2015)Multidimensional Context Awareness in Mobile DevicesMultiMedia Modeling10.1007/978-3-319-14442-9_4(38-49)Online publication date: 2015
https://doi.org/10.1007/978-3-319-14442-9_4
Uzun EAtluri VVaidya JSural SFerrara AParlato GMadhusudan P(2014)Security analysis for temporal role based access controlJournal of Computer Security10.5555/2699777.269978022:6(961-996)Online publication date: 1-Nov-2014
https://dl.acm.org/doi/10.5555/2699777.2699780
Ghosh NChatterjee DGhosh S(2014)An Efficient Heuristic-Based Role Mapping Framework for Secure and Fair Collaboration in SaaS CloudProceedings of the 2014 International Conference on Cloud and Autonomic Computing10.1109/ICCAC.2014.19(227-236)Online publication date: 8-Sep-2014
https://dl.acm.org/doi/10.1109/ICCAC.2014.19
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Dependencies and separation of duty constraints in GTRBAC

X-GTRBAC admin: a decentralized administration model for enterprise wide access control

A Generalized Temporal Role-Based Access Control Model