ABSTRACT
Pervasive computing environments have created a requirement for spatial- and temporal-aware access control systems. Although temporal, spatial and spatio-temporal role-based access control (RBAC) models have been developed, a family of simple, expressive and flexible models that convincingly addresses the interaction between spatio-temporal constraints and inheritance in RBAC does not yet exist. In this paper, we define three spatio-temporal models based on RBAC96, the de facto standard for RBAC, and extend these models to include activation and usage hierarchies. These models provide different authorization semantics, varying in the extent to which RBAC entities and relations are constrained by spatio-temporal restrictions. We introduce the notion of trusted entities, which are used to selectively override certain spatio-temporal restrictions. We also demonstrate that our spatio-temporal models are consistent and compatible with RBAC96 and the ANSI-RBAC standard, in contrast to existing models. Finally, we propose four approaches to encoding spatio-temporal requirements in practical applications that permit access requests to be answered efficiently.
Index Terms
- On spatio-temporal constraints and inheritance in role-based access control