This paper presents a discretionary access control model in which authorizations contain temporal information. This information can be used to specify temporal intervals of validity for authorizations and temporal dependencies among authorizations. A formal definition of those concepts is presented in the paper, in terms of their interpretation in first order logic. We characterize sets of temporal dependencies that can lead to undesirable states of the authorization system and we sketch an algorithm for their detection. Finally, operations to add, remove, or modify authorizations and temporal dependencies are described.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Martín Abadi , Michael Burrows , Butler Lampson , Gordon Plotkin, A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.15 n.4, p.706-734, Sept. 1993  [doi>10.1145/155183.155225]
	2	James F. Allen, Towards a general theory of action and time, Artificial Intelligence, v.23 n.2, p.123-154, July 1984  [doi>10.1016/0004-3702(84)90008-0]
	3	Vijayalakshmi Atluri , Elisa Bertino , Sushil Jajodia, Achieving Stricter Correctness Requirements in Multilevel Secure Databases, Proceedings of the 1993 IEEE Symposium on Security and Privacy, p.135, May 24-26, 1993
	4	Elisa Bertino , Luigi V. , Luigi V. Mancini , Sushil Jajodia, Collecting Garbage in Multilevel Secure Object Stores, Proceedings of the 1994 IEEE Symposium on Security and Privacy, p.106, May 16-18, 1994
	5	E. Bertino and P. Samarati. Research issues in discretionary authorization for object bases. In B. Thuraisingham, R. Sandhu, and T.Y. Lin, editors, Security for object-oriented systems. Springer- Verlag, London, 1994.
	6	Elisa Bertino , Pierangela Samarati , Sushil Jajodia, Authorizations in relational database management systems, Proceedings of the 1st ACM conference on Computer and communications security, p.130-139, November 03-05, 1993, Fairfax, Virginia, United States  [doi>10.1145/168588.168605]
	7	Santosh Chokhani, Trusted products evaluation, Communications of the ACM, v.35 n.7, p.64-76, July 1992  [doi>10.1145/129902.129907]
	8	D. D. Clark and D. R. Wilson. A comparison of commercial and military computer security policies. In Proe. IEEE Symposium on Security and Privacy, pages 184-194, Oakland, California, April 1987.
	9	Oliver Costich, Transaction Processing Using an Untrusted Scheduler in a Multilevel Database with Replicated Architecture, Results of the IFIP WG 11.3 Workshop on Database Security V: Status and Prospects, p.173-189, November 01, 1991
	10	Vinti Doshi , Sushil Jajodia, Referential Integrity in Multilevel Secure Database Management Systems, Proceedings of the IFIP TC11, Eigth International Conference on Information Security: IT Security: The Need for International Cooperation, p.359-371, May 27-29, 1992
	11	E. B. Fernandez, E. Gudes, and H. Song. A security model for object-oriented databases. In Proc. IEEE Symposium on Security and Privacy, pages 110- 115, Oakland, California, May 1989.
	12	Patricia P. Griffiths , Bradford W. Wade, An authorization mechanism for a relational database system, ACM Transactions on Database Systems (TODS), v.1 n.3, p.242-255, Sept. 1976  [doi>10.1145/320473.320482]
	13	S. J ajodia and B. Kogan. Integrating an objectoriented data model with multilevel security. Proc. IEEE Symposium on Security and Privacy, Oakland, California, pages 76-85, May 1990.
	14	W. T. Maimone and I. B. Greenberg. Single-level multiversion schedulers for multilevel secure database systems. In Proc. 6th Annual Computer Security Applications Conf., pages 137-147, Tucson, Arizona, December 1990.
	15	Fausto Rabitti , Elisa Bertino , Won Kim , Darrell Woelk, A model of authorization for next-generation database systems, ACM Transactions on Database Systems (TODS), v.16 n.1, p.88-131, March 1991  [doi>10.1145/103140.103144]
	16	R.S. Sandhu. Separation of duties in computerized information systems. In S. J ajodia and C.E. Landwehr, editors, Database Security, IV: Status and Prospects, pages 179-189. North-IIolland, Amsterdam, 1991.
	17	T. F. Lunt , D. E. Denning , R. R. Schell , M. Heckman , W. R. Shockley, The SeaView Security Model, IEEE Transactions on Software Engineering, v.16 n.6, p.593-607, June 1990  [doi>10.1109/32.55088]
	18	Kenneth Paul Smith, Managing rules in active databases, University of Illinois at Urbana-Champaign, Champaign, IL, 1992
	19	D. L. Spooner. The impact of inheritance on security in object-oriented database systems. In C.E. Landwehr, editor, Database Security, II: Status and Prospects, pages 141-160. North-Holland, Amsterdam, 1989.
	20	Gerhard Steinke , Matthias Jarke, Support for security modeling in information systems design, Results of the Sixth Working Conference of IFIP Working Group 11.3 on Database Security on Database security, VI : status and prospects: status and prospects, p.125-141, January 1993, Simon Fraser Univ., Vancouver, British Columbia, Canada
	21	R.K. Thomas and R.S. Sandhu. Discretionary access control in object-oriented databases: Issues and research directions. In Proc. 16th National Computer Security Conference, pages 63-74, Baltimore, MD, Sept. 1993.
	22	M. B. Thuraisingham, Mandatory security in object-oriented database systems, Conference proceedings on Object-oriented programming systems, languages and applications, p.203-210, October 02-06, 1989, New Orleans, Louisiana, United States
	23	Johan van Benthem. Temporal logic. In D. Gabbay, C. I-logger, and J. Robinson, editors, Handbook of logic in artificial intelligence and logic programming, volume 3. Oxford University Press, 1991.
	24	T.Y.C. Woo and S.S. Lam. Authorizations in distributed systems: A new approach. Journal of Computer Security, 2(2 & 3):107-136, 1993.

• Data structures for quadtree approximation and compression Communications of the ACM   28, 9
  Hanan Samet
  
  
• A hierarchical single-key-lock access control using the Chinese remainder theorem Proceedings of the 1992 ACM/SIGAPP Symposium on Applied computing
  Kim S. Lee ,  Huizhu Lu ,  D. D. Fisher
  
  
• An intelligent component database for behavioral synthesis Proceedings of the 27th ACM/IEEE Design Automation Conference on
  Gwo-Dong Chen ,  Daniel D. Gajski
  
  
• The GemStone object database management system Communications of the ACM   34, 10
  Paul Butterworth ,  Allen Otis ,  Jacob Stein
  
  
• Putting innovation to work: adoption strategies for multimedia communication systems Communications of the ACM   34, 12
  Ellen Francik ,  Susan Ehrlich Rudman ,  Donna Cooper ,  Stephen Levine