ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
TRBAC: A temporal role-based access control model
Full text PdfPdf (355 KB)
Source ACM Transactions on Information and System Security (TISSEC) archive
Volume 4 ,  Issue 3  (August 2001) table of contents
Pages: 191 - 233  
Year of Publication: 2001
ISSN:1094-9224
Authors
Elisa Bertino  University of Milano, Milano, Italy
Piero Andrea Bonatti  University of Milano, Milano, Italy
Elena Ferrari  University of insubria, Como, Italy
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 32,   Downloads (12 Months): 223,   Citation Count: 40
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues   peer to peer  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/501978.501979
What is a DOI?

ABSTRACT

Role-based access control (RBAC) models are receiving increasing attention as a generalized approach to access control. Roles may be available to users at certain time periods, and unavailable at others. Moreover, there can be temporal dependencies among roles. To tackle such dynamic aspects, we introduce Temporal-RBAC (TRBAC), an extension of the RBAC model. TRBAC supports periodic role enabling and disabling---possibly with individual exceptions for particular users---and temporal dependencies among such actions, expressed by means of role triggers. Role trigger actions may be either immediately executed, or deferred by an explicitly specified amount of time. Enabling and disabling actions may be given a priority, which is used to solve conflicting actions. A formal semantics for the specification language is provided, and a polynomial safeness check is introduced to reject ambiguous or inconsistent specifications. Finally, a system implementing TRBAC on top of a conventional DBMS is presented.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Gail-Joon Ahn , Ravi Sandhu, The RSL99 language for role-based separation of duty constraints, Proceedings of the fourth ACM workshop on Role-based access control, p.43-54, October 28-29, 1999, Fairfax, Virginia, United States  [doi>10.1145/319171.319176]
 
2
ATLURI,V.(ED.) 1999. Proceedings of the Fourth ACM Workshop on Role-Based Access Control (Fairfax, Va.).
 
3
Elisa Bertino, Data security, Data & Knowledge Engineering, v.25 n.1-2, p.199-216, March 1998  [doi>10.1016/S0169-023X(97)00049-9]
4
Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, An access control model supporting periodicity constraints and temporal reasoning, ACM Transactions on Database Systems (TODS), v.23 n.3, p.231-285, Sept. 1998  [doi>10.1145/293910.293151]
5
Elisa Bertino , Elena Ferrari , Vijay Atluri, The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.65-104, Feb. 1999  [doi>10.1145/300830.300837]
 
6
Thomas T. Cormen , Charles E. Leiserson , Ronald L. Rivest, Introduction to algorithms, MIT Press, Cambridge, MA, 1990
7
David F. Ferraiolo , John F. Barkley , D. Richard Kuhn, A role-based access control model and reference implementation within a corporate intranet, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.34-64, Feb. 1999  [doi>10.1145/300830.300834]
8
Avigdor Gal , Vijayalakshmi Atluri, An authorization model for temporal data, Proceedings of the 7th ACM conference on Computer and communications security, p.144-153, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352621]
 
9
GELFOND,M.AND LIFSCHITZ, V. 1988. The stable model semantics for logic programming. In Proceedings of the Fifth ICLP Conference, MIT Press, Cambridge, Mass., 1070-1080.
 
10
GULUTZAN,P.AND PELZER, T. 1999. SQL99 Complete, Really. Miller Freeman, Kansas.
11
Trent Jaeger , Atul Prakash , Jochen Liedtke , Nayeem Islam, Flexible control of downloaded executable content, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.177-228, May 1999  [doi>10.1145/317087.317091]
 
12
Dirk Jonscher , Jonathan D. Moffett , Klaus R. Dittrich, Complex Subjects, or: The Striving for Complexity is Ruling our World, Proceedings of the IFIP WG11.3 Working Conference on Database Security VII, p.19-37, September 12-15, 1993
 
13
Savith Kandala , Ravi S. Sandhu, Extending The BFA Workflow Authorization Model to Express Weighted Voting, Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security: Research Advances in Database and Information Systems Security, p.145-159, July 26-28, 1999
14
D. Richard Kuhn, Mutual exclusion of roles as a means of implementing separation of duty in role-based access control systems, Proceedings of the second ACM workshop on Role-based access control, p.23-30, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266749]
 
15
J. W. Lloyd, Foundations of logic programming, Springer-Verlag New York, Inc., New York, NY, 1984
 
16
Chitta Baral , Jorge Lobo, Formal Characterization of Active Databases, Proceedings of the International Workshop on Logic in Databases, p.175-195, July 01-02, 1996
 
17
LOBO,J.AND RACHID, L. 1994. A semantics for a class of non-deterministic and causal production system programs. J. Autom. Reason. 12, 308-349.
 
18
NIEZETTE,M.AND STEVENNE, J. 1992. An efficient symbolic representation of periodic time. In Proceedings of the First International Conference on Information and Knowledge Management.
19
Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999  [doi>10.1145/300830.300832]
20
Sylvia Osborn , Yuxia Guo, Modeling users in role-based access control, Proceedings of the fifth ACM workshop on Role-based access control, p.31-37, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344299]
21
Sylvia Osborn , Ravi Sandhu , Qamar Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.2, p.85-106, May 2000  [doi>10.1145/354876.354878]
 
22
SANDHU, R. 1991. Separation of duties in computerized information systems. In Database Security IV: Status and Prospects, North Holland, Amsterdam, the Netherlands, 179-189.
 
23
SANDHU,R.(ED.) 1995. Proceedings of the First ACM Workshop on Role-Based Access Control (Fairfax, Va.).
 
24
Ravi S. Sandhu, Role Hierarchies and Constraints for Lattice-Based Access Controls, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.65-79, September 25-27, 1996
 
25
SANDHU,R.(ED.) 1997. Proceedings of the Second ACM Workshop on Role-Based Access Control (Fairfax, Va.).
 
26
SANDHU,R.(ED.) 1998a. Proceedings of the Third ACM Workshop on Role-Based Access Control (Fairfax, Va.).
 
27
SANDHU, R. 1998b. Role-based access control. Advances in Computers, 46, Academic Press.
 
28
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
29
Richard Simon , Mary Ellen Zurko, Separation of Duty in Role-based Environments, Proceedings of the 10th Computer Security Foundations Workshop (CSFW '97), p.183, June 10-12, 1997
30
Jonathon E. Tidswell , Trent Jaeger, Integrated constraints and inheritance in DTAC, Proceedings of the fifth ACM workshop on Role-based access control, p.93-102, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344307]

CITED BY  40
James B D Joshi , Elisa Bertino , Arif Ghafoor, Temporal hierarchies and inheritance semantics for GTRBAC, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA
Shu-Ching Chen , Mei-Ling Shyu , Na Zhao, SMARXO: towards secured multimedia applications by adopting RBAC, XML and object-relational database, Proceedings of the 12th annual ACM international conference on Multimedia, October 10-16, 2004, New York, NY, USA
Liang Chen , Jason Crampton, Inter-domain role mapping and least privilege, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Marc Wilikens , Simone Feriti , Alberto Sanna , Marcelo Masera, A context-related authorization and access control method based on RBAC:, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA
Urs Hengartner , Peter Steenkiste, Implementing access control to people location information, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
 
Maria Luisa Damiani , Elisa Bertino , Claudio Silvestri, Spatial Domains for the Administration of Location-based Access Control Policies, Journal of Network and Systems Management, v.16 n.3, p.277-302, September 2008
James B. D. Joshi , Elisa Bertino , Arif Ghafoor , Yue Zhang, Formal foundations for hybrid hierarchies in GTRBAC, ACM Transactions on Information and System Security (TISSEC), v.10 n.4, p.1-39, January 2008
Rafae Bhatti , Arif Ghafoor , Elisa Bertino , James B. D. Joshi, X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control, ACM Transactions on Information and System Security (TISSEC), v.8 n.2, p.187-227, May 2005
Jason Crampton, Understanding and developing role-based administrative models, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
Liang Chen , Jason Crampton, On spatio-temporal constraints and inheritance in role-based access control, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan
Urs Hengartner , Peter Steenkiste, Access control to people location information, ACM Transactions on Information and System Security (TISSEC), v.8 n.4, p.424-456, November 2005
 
Ioannis Mavridis , Andreas Mattas , Ioannis Pagkalos , Isabella Kotini , Christos Ilioudis, Supporting dynamic administration of RBAC in web-based collaborative applications during run-time, International Journal of Information and Computer Security, v.2 n.4, p.328-352, January 2009
Muhammad Alam , Michael Hafner , Ruth Breu, A constraint based role based access control in the SECTET a model-driven approach, Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, October 30-November 01, 2006, Markham, Ontario, Canada
 
Deqing Zou , Ligang He , Hai Jin , Xueguang Chen, CRBAC: Imposing multi-grained constraints on the RBAC model in the multi-application environment, Journal of Network and Computer Applications, v.32 n.2, p.402-411, March, 2009
James B. D. Joshi , Basit Shafiq , Arif Ghafoor , Elisa Bertino, Dependencies and separation of duty constraints in GTRBAC, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Keith Irwin , Ting Yu , William H. Winsborough, Enforcing security properties in task-based systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
Qun Ni , Elisa Bertino , Jorge Lobo, An obligation model bridging access control policies and privacy policies, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
 
M. L. Damiani , E. Bertino , P. Perlasca, Data security in location-aware applications: an approach based on RBAC, International Journal of Information and Computer Security, v.1 n.1/2, p.5-38, January 2007
Yuqing Sun , Peng Pan, PRES: a practical flexible RBAC workflow system, Proceedings of the 7th international conference on Electronic commerce, August 15-17, 2005, Xi'an, China
Xuhui Ao , Naftaly H. Minsky, On the role of roles: from role-based to role-sensitive access control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
 
Shermann S. Chan , Qing Li , José A. Pino, VideoAcM: a transitive and temporal access control mechanism for collaborative video database production applications, Multimedia Tools and Applications, v.29 n.1, p.29-53, April 2006
 
James B. D. Joshi , Elisa Bertino , Arif Ghafoor, An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Dependable and Secure Computing, v.2 n.2, p.157-175, April 2005
Vijayalakshmi Atluri , Janice Warner, Supporting conditional delegation in secure workflow management systems, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
 
Song Fu , Cheng-Zhong Xu, Coordinated access control with temporal and spatial constraints on mobile execution in coalition environments, Future Generation Computer Systems, v.23 n.6, p.804-815, July, 2007
 
James B. D. Joshi , Elisa Bertino , Usman Latif , Arif Ghafoor, A Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Knowledge and Data Engineering, v.17 n.1, p.4-23, January 2005
Tanvir Ahmed , Anand R. Tripathi, Specification and verification of security requirements in a programming model for decentralized CSCW systems, ACM Transactions on Information and System Security (TISSEC), v.10 n.2, p.7-es, May 2007
 
Gilles Goncalves , Aneta Poniszewska-Maranda, Role engineering: From design to evolution of security schemes, Journal of Systems and Software, v.81 n.8, p.1306-1326, August, 2008
Radha Jagadeesan , Will Marrero , Corin Pitcher , Vijay Saraswat, Timed constraint programming: a declarative approach to usage control, Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming, p.164-175, July 11-13, 2005, Lisbon, Portugal
Stere Preda , Frédéric Cuppens , Nora Cuppens-Boulahia , Joaquin G. Alfaro , Laurent Toutain , Yehia Elrakaiby, Semantic context aware security policy deployment, Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, March 10-12, 2009, Sydney, Australia
Gustaf Neumann , Mark Strembeck, An approach to engineer and enforce context constraints in an RBAC environment, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Gail-Joon Ahn , Hongxin Hu, Towards realizing a formal RBAC model in real systems, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Mark Strembeck , Gustaf Neumann, An integrated approach to engineer and enforce context constraints in RBAC environments, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.392-427, August 2004
 
Sylvia Encheva , Sharil Tumin, Preventing conflict situations during authorization, WSEAS Transactions on Computers, v.7 n.4, p.265-272, April 2008
 
Vijayalakshmi Atluri , Soon Ae Chun, An Authorization Model for Geospatial Data, IEEE Transactions on Dependable and Secure Computing, v.1 n.4, p.238-254, October 2004
 
Elisa Bertino , Ravi Sandhu, Database Security-Concepts, Approaches, and Challenges, IEEE Transactions on Dependable and Secure Computing, v.2 n.1, p.2-19, January 2005
 
Muhammad Alam , Michael Hafner , Ruth Breu, Constraint based role based access control in the SECTET-framework: A model-driven approach, Journal of Computer Security, v.16 n.2, p.223-260, April 2008
 
Qurban Memon , Shakil Akhtar , Alaa A. Aly, Role management in adhoc networks, Proceedings of the 2007 spring simulaiton multiconference, March 25-29, 2007, Norfolk, Virginia
 
Peng Liu , Zhong Chen, An Access Control Model for Web Services in Business Process, Proceedings of the 2004 IEEE/WIC/ACM International Conference on Web Intelligence, p.292-298, September 20-24, 2004
Elisa Bertino , Bhavani Thuraisingham , Michael Gertz , Maria Luisa Damiani, Security and privacy for geospatial data: concepts and research directions, Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS, November 04-04, 2008, Irvine, California
 
Paolo Guarda , Nicola Zannone, Towards the development of privacy-aware systems, Information and Software Technology, v.51 n.2, p.337-350, February, 2009

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.7 Database Administration


General Terms:
Security


Keywords:
Role triggers, role-based access control, temporal constraints

Collaborative Colleagues:
Elisa Bertino: colleagues
Piero Andrea Bonatti: colleagues
Elena Ferrari: colleagues

Peer to Peer - Readers of this Article have also read:

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player