Generalized Temporal Role Based Access Control Model (GTRBAC) (Part II) - Expressiveness and Design Issues

Get BibTex-formatted data

Download

PDF

Author

James B. D. Joshi, Elisa Bertino, Usman Latif, Arif Ghafoor

Tech report number

CERIAS TR 2003-01

Entry type

techreport

Abstract

The Generalized Temporal Role Based Access Control (GTRBAC) model introduces a large set of temporal constraint expressions that facilitates the specification of a comprehensive access control policy. However, the issue of its expressiveness has not been investigated earlier. In this paper, we present an exhaustive analysis of the expressiveness of the constructs provided by GTRBAC and prove that the set of constraints is not minimal by showing that there is a subset of GTRBAC constraints that is sufficient to express all access constraints that can be expressed using the full set. We formally present the minimality result for the GTRBAC constraint set and argue that, although the complete set of constraints in GTRBAC is not minimal, having such an extensive set is advantageous from the perspective of user convenience and the lower complexity of constraint representation. Based on our analysis, we present a set of design guidelines that can considerably enhance security management.

Download

PDF

URL

http://min.ecn.purdue.edu/~joshij/CERIAS_GTRBAC_II.pdf

Institution

Purdue University

Key alpha

Joshi

Organization

CERIAS

School

ECE

Acknowledgement

Portions of this work were supported by the sponsors of the Center for Education and Research in Information Assurance and Security (CERIAS)

Affiliation

Elisa Bertino is with Dipartimento di Scienze dell

Publication Date

1900-03-10

Keywords

temporal, role based access control,

Language

English

Subject

temporal access control, role based access mechanism

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Techreport{ Joshi,
	title = "Generalized Temporal Role Based Access Control Model (GTRBAC) (Part II) - Expressiveness and Design Issues",
	author = "James B. D. Joshi, Elisa Bertino, Usman Latif, Arif Ghafoor ",
	institution = "Purdue University",
	organization = "CERIAS",
	school = "ECE",
	abstract = "The Generalized Temporal Role Based Access Control (GTRBAC) model introduces a large set of temporal constraint expressions that facilitates the specification of a comprehensive access control policy. However, the issue of its expressiveness has not been investigated earlier. In this paper, we present an exhaustive analysis of the expressiveness of the constructs provided by GTRBAC and prove that the set of constraints is not minimal by showing that there is a subset of GTRBAC constraints that is sufficient to express all access constraints that can be expressed using the full set. We formally present the minimality result for the GTRBAC constraint set and argue that, although the complete set of constraints in GTRBAC is not minimal, having such an extensive set is advantageous from the perspective of user convenience and the lower complexity of constraint representation. Based on our analysis, we present a set of design guidelines that can considerably enhance security management.",
	acknowledgement = "Portions of this work were supported by the sponsors of the Center for Education and Research in Information Assurance and Security (CERIAS)",
	affiliation = "Elisa Bertino is with Dipartimento di Scienze dell",
	keywords = "temporal, role based access control,",
	language = "English",
	subject = "temporal access control, role based access mechanism",
	url = "http://min.ecn.purdue.edu/~joshij/CERIAS_GTRBAC_II.pdf",
}