An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model
Author
James B.D. Joshi , Elisa Bertino,and Arif Ghafoor
Tech report number
CERIAS TR 2005-97
Abstract
The Generalized Temporal Role-Based Access Control (GTRBAC) model provides a comprehensive set of temporal
constraint expressions which can facilitate the specification of fine-grained time-based access control policies. However, the issue of
the expressiveness and usability of this model has not been previously investigated. In this paper, we present an analysis of the
expressiveness of the constructs provided by this model and illustrate that its constraints-set is not minimal. We show that there is a
subset of GTRBAC constraints that is sufficient to express all the access constraints that can be expressed using the full set. We also
illustrate that a nonminimal GTRBAC constraint set can provide better flexibility and lower complexity of constraint representation.
Based on our analysis, a set of design guidelines for the development of GTRBAC-based security administration is presented.
Booktitle
EEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
Key alpha
An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model
Number
VOL. 2, NO. 2, APRIL-JUNE 2005
Publisher
IEEE Computer Society
Publication Date
2005-01-01
Keywords
Role-based access control, temporal constraint, expressiveness analysis, minimality.