The Center for Education and Research in Information Assurance and Security (CERIAS)

An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model

Author

James B.D. Joshi, Elisa Bertino, and Arif Ghafoor

Tech report number

CERIAS TR 2005-97

Entry type

article

Abstract

The Generalized Temporal Role-Based Access Control (GTRBAC) model provides a comprehensive set of temporal constraint expressions which can facilitate the specification of fine-grained time-based access control policies. However, the issue of the expressiveness and usability of this model has not been previously investigated. In this paper, we present an analysis of the expressiveness of the constructs provided by this model and illustrate that its constraints-set is not minimal. We show that there is a subset of GTRBAC constraints that is sufficient to express all the access constraints that can be expressed using the full set. We also illustrate that a nonminimal GTRBAC constraint set can provide better flexibility and lower complexity of constraint representation. Based on our analysis, a set of design guidelines for the development of GTRBAC-based security administration is presented.

Date

2005

Booktitle

IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING

Key alpha

An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model

Number

VOL. 2, NO. 2, APRIL-JUNE 2005

Publisher

IEEE Computer Society

Affiliation

IEEE

Publication Date

2005-01-01

Copyright

2005 IEEE

Keywords

Role-based access control, temporal constraint, expressiveness analysis, minimality.
