Though a user's privileges are often granted based on the tasks that the user is expected to fulfill, the concept of tasks is usually not explicitly modeled in access control. We propose a system where tasks are the central concept that associates users to privileges. Ideally a user should be able to utilize these privileges and fulfill his tasks, but not to take harmful actions. To ensure this, a system often specifies a high-level security property to restrict the sequence of actions that a user can perform. In this paper, we propose a general model of access control in task-based system. This model considers the permissions a user as well as their temporal availability. Based on this model, we investigate the problem of enforcing security properties both statically (i.e., when tasks are assigned) and dynamically (i.e., when actions are performed). We study the complexity of static enforcement, and design efficient dynamic enforcement algorithms that avoiding unnecessary history tracking.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Tanvir Ahmed , Anand R. Tripathi, Static verification of security requirements in role based CSCW systems, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy  [doi>10.1145/775412.775438]
	2	Bowen Alpern and Fred B. Schneider. Recognizing safety and liveness. Distributed Computing, 2(3):117--126, 1987.
	3	L. Bauer, J. Ligatti, and D. Walker. More enforceable security policies, 2002.
	4	Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: A temporal role-based access control model, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.191-233, August 2001  [doi>10.1145/501978.501979]
	5	Elisa Bertino , Elena Ferrari , Vijay Atluri, The specification and enforcement of authorization constraints in workflow management systems, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.65-104, Feb. 1999  [doi>10.1145/300830.300837]
	6	Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi. Specifying and reasoning about dynamic access-control policies. In IJCAR, pages 632--646, 2006.
	7	Steven T. Eckmann , Giovanni Vigna , Richard A. Kemmerer, STATL: an attack language for state-based intrusion detection, Journal of Computer Security, v.10 n.1-2, p.71-103, 2002
	8	Kathi Fisler , Shriram Krishnamurthi , Leo A. Meyerovich , Michael Carl Tschantz, Verification and change-impact analysis of access-control policies, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA  [doi>10.1145/1062455.1062502]
	9	Jeremy Frank and Matt Bishop. Extending the take-grant protection system. Technical Report Technical Report, Department of Computer Science, University of California at Davis, 1996.
	10	Michael A. Harrison , Walter L. Ruzzo , Jeffrey D. Ullman, Protection in operating systems, Communications of the ACM, v.19 n.8, p.461-471, Aug. 1976  [doi>10.1145/360303.360333]
	11	A. K. Jones , R. J. Lipton , L. Snyder, A Linear time algorithm for deciding security, Proceedings of the 17th Annual Symposium on Foundations of Computer Science (sfcs 1976), p.33-41, October 25-27, 1976
	12	Ninghui Li , William H. Winsborough , John C. Mitchell, Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.123, May 11-14, 2003
	13	Fabio Martinelli, Paolo Mori, and Anna Vaccarelli. Towards continuous usage control on grid computational services. icas-icns, 0:82, 2005.
	14	Ravi S. Sandhu, The Typed Access Matrix Model, Proceedings of the 1992 IEEE Symposium on Security and Privacy, p.122, May 04-06, 1992
	15	Andreas Schaad , Volkmar Lotz , Karsten Sohr, A model-checking approach to analysing organisational controls in a loan origination process, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA  [doi>10.1145/1133058.1133079]
	16	Andreas Schaad , Pascal Spadone , Helmut Weichsel, A case study of separation of duty properties in the context of the Austrian "eLaw" process., Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico  [doi>10.1145/1066677.1066976]
	17	Fred B. Schneider, Enforceable security policies, ACM Transactions on Information and System Security (TISSEC), v.3 n.1, p.30-50, Feb. 2000  [doi>10.1145/353323.353382]
	18	R. Sekar, V. Venkatakrishnan, S. Basu, S. Bhatkar, and D. DuVarney. Model-carrying code: A practical approach for safe execution of untrusted applications, 2003.
	19	R. K. Thomas , R. S. Sandhu, Towards a task-based paradigm for flexible and adaptable access control in distributed applications, Proceedings on the 1992-1993 workshop on New security paradigms, p.138-142, August 1993, Little Compton, Rhode Island, United States  [doi>10.1145/283751.283810]
	20	Roshan K. Thomas , Ravi S. Sandhu, Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Autorization Management, Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Securty XI: Status and Prospects, p.166-181, August 10-13, 1997
	21	Qihua Wang , Ninghui Li, Direct static enforcement of high-level security policies, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore  [doi>10.1145/1229285.1229315]