Generalized Temporal Role Based Access Control Model (GTRBAC) (Part II) - Expressiveness and Design Issues
Author
James B. D. Joshi, Elisa Bertino, Usman Latif, Arif Ghafoor
Tech report number
CERIAS TR 2003-01
Abstract
The Generalized Temporal Role Based Access Control (GTRBAC) model introduces a large set of temporal constraint expressions that facilitates the specification of a comprehensive access control policy. However, the issue of its expressiveness has not been investigated earlier. In this paper, we present an exhaustive analysis of the expressiveness of the constructs provided by GTRBAC and prove that the set of constraints is not minimal by showing that there is a subset of GTRBAC constraints that is sufficient to express all access constraints that can be expressed using the full set. We formally present the minimality result for the GTRBAC constraint set and argue that, although the complete set of constraints in GTRBAC is not minimal, having such an extensive set is advantageous from the perspective of user convenience and the lower complexity of constraint representation. Based on our analysis, we present a set of design guidelines that can considerably enhance security management.
Institution
Purdue University
Acknowledgement
Portions of this work were supported by the sponsors of the Center for Education and Research in Information Assurance and Security (CERIAS).
Affiliation
Elisa Bertino is with Dipartimento di Scienze dell
Publication Date
1900-03-10
Keywords
temporal, role based access control
Subject
temporal access control, role based access mechanism