An access control model supporting periodicity constraints and temporal reasoning

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

An access control model supporting periodicity constraints and temporal reasoning

Full text

Pdf (469 KB)

Source

ACM Transactions on Database Systems (TODS) archive
Volume 23 , Issue 3 (September 1998) table of contents

Pages: 231 - 285

Year of Publication: 1998

ISSN:0362-5915

Authors

Elisa Bertino	Univ. di Milano, Milan, Italy
Claudio Bettini	Univ. di Milano, Milan, Italy
Elena Ferrari	Univ. di Milano, Milan, Italy
Pierangela Samarati	Univ. di Milano, Milan, Italy

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 11, Downloads (12 Months): 105, Citation Count: 50

Additional Information:

abstract references cited by index terms review collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/293910.293151 What is a DOI?

ABSTRACT

Access control models, such as the ones supported by commercial DBMSs, are not yet able to fully meet many application needs. An important requirement derives from the temporal dimension that permissions have in many real-world situations. Permissions are often limited in time or may hold only for specific periods of time. In this article, we present an access control model in which periodic temporal intervals are associated with authorizations. An authorization is automatically granted in the specified intervals and revoked when such intervals expire. Deductive temporal rules with periodicity and order constraints are provided to derive new authorizations based on the presence or absence of other authorizations in specific periods of time. We provide a solution to the problem of ensuring the uniqueness of the global set of valid authorizations derivable at each instant, and we propose an algorithm to compute this set. Moreover, we address issues related to the efficiency of access control by adopting a materialization approach. The resulting model provides a high degree of flexibility and supports the specification of several protection requirements that cannot be expressed in traditional access control models.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Martín Abadi , Michael Burrows , Butler Lampson , Gordon Plotkin, A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.15 n.4, p.706-734, Sept. 1993 [doi>10.1145/155183.155225]
	2	Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, A Temporal Access Control Mechanism for Database Systems, IEEE Transactions on Knowledge and Data Engineering, v.8 n.1, p.67-80, February 1996 [doi>10.1109/69.485637]
	3	Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, Supporting Periodic Authorizations and Temporal Reasoning in Database Access Control, Proceedings of the 22th International Conference on Very Large Data Bases, p.472-483, September 03-06, 1996
	4	BERTINO, E., BETTINI, C., FERRARI, E., AND SAMARATI, P. 1996c. On using materialization strategies for a temporal authorization model. In Post-SIGMOD Workshop on Materialized Views: Techniques and Applications Proceedings (Montreal, Que., June 6), 34-81.
	5	Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, Decentralized administration for a temporal access control model, Information Systems, v.22 n.4, p.223-248, June 1997 [doi>10.1016/S0306-4379(97)00013-6]
	6	Elisa Bertino , Pierangela Samarati , Sushil Jajodia, Authorizations in relational database management systems, Proceedings of the 1st ACM conference on Computer and communications security, p.130-139, November 03-05, 1993, Fairfax, Virginia, United States [doi>10.1145/168588.168605]
	7	C. J. Date, An introduction to database systems (7th ed.), Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1999
	8	FALASCHI, M., LEVI, G., MARTELLI, M., AND PALAMIDESSI, C. 1988. A new declarative semantics for logic languages. In Fifth International Conference and Symposium on Logic Programming Proceedings (Seattle, WA, Aug. 15-19), 993-1005.
	9	FERRARI, E. 1998. Access control mechanisms for database systems: Formal models and architectural aspects. Ph.D. Thesis, Dipartimento di Scienze dell'Informazione, Universita` di Milano.
	10	FOUNDATION, O. S. 1993. OSF/Motif Programmer's Guide. Prentice-Hall, Englewood Cliffs, NJ.
	11	Allen Van Gelder , Kenneth A. Ross , John S. Schlipf, The well-founded semantics for general logic programs, Journal of the ACM (JACM), v.38 n.3, p.619-649, July 1991 [doi>10.1145/116825.116838]
	12	GELFOND,M.AND LIFSCHITZ, V. 1988. The stable model semantics for logic programming. In Fifth International Conference and Symposium on Logic Programming Proceedings (Seattle, WA, Aug. 15-19), 1070-1080.
	13	Georg Gottlob , Sherry Marcus , Anil Nerode , Gernot Salzer , V. S. Subrahmanian, A non-ground realization of the stable and well-founded semantics, Theoretical Computer Science, v.166 n.1-2, p.221-262, Oct. 20, 1996 [doi>10.1016/0304-3975(95)00207-3]
	14	Ashish Gupta , Inderpal Singh Mumick , V. S. Subrahmanian, Maintaining views incrementally, Proceedings of the 1993 ACM SIGMOD international conference on Management of data, p.157-166, May 25-28, 1993, Washington, D.C., United States
	15	CORPORATE Informix Software, Informix guide to SQL, Prentice Hall PTR, Upper Saddle River, NJ, 2000
	16	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, Proceedings of the 1997 ACM SIGMOD international conference on Management of data, p.474-485, May 11-15, 1997, Tucson, Arizona, United States
	17	LU, J., LUDASCHER, B., SCHU, J., AND SUBRAHMANIAN, V. 1996. Well-founded views in constraint databases: Incremental materialization and maintenance. Tech. Rep., University of Maryland.
	18	James J. Lu , Guido Moerkotte , Joachim Schue , V. S. Subrahmanian, Efficient maintenance of materialized mediated views, Proceedings of the 1995 ACM SIGMOD international conference on Management of data, p.340-351, May 22-25, 1995, San Jose, California, United States
	19	NIEZETTE,M.AND STEVENNE, J. 1992. An efficient symbolic representation of periodic time. In First International Conference on Information and Knowledge Management Proceedings. (Baltimore, MD, Nov. 2-5).
	20	Peter Z. Revesz, A closed-form evaluation for Datalog queries with integer (gap)-order constraints, Theoretical Computer Science, v.116 n.1, p.117-149, Aug. 2, 1993
	21	Peter Z. Revesz, Safe Stratified Datalog with Integer Order Programs, Proceedings of the First International Conference on Principles and Practice of Constraint Programming, p.154-169, September 19-22, 1995
	22	STEINER,J.G.,NEUMAN, C., AND SCHILLER, J. I. 1988. Kerberos: An authentication service for open network systems. In USENIX Conference Proceedings (Dallas, TX, Winter 1988), 191-202.
	23	David Toman , Jan Chomicki , David S. Rogers, Datalog with integer periodicity constraints, Proceedings of the 1994 International Symposium on Logic programming, p.189-203, November 1994, Symposia, Melbourne
	24	WOO,T.AND LAM, S. 1993. Authorizations in distributed systems: A new approach. J. Comput. Sec. 2, 2&3, 107-136.

CITED BY 50

	David Cohen , Peter Jeavons , Peter Jonsson , Manolis Koubarakis, Building tractable disjunctive constraints, Journal of the ACM (JACM), v.47 n.5, p.826-853, Sept. 2000
	Elisa Bertino , Barbara Catania , Elena Ferrari , Paolo Perlasca, A logical framework for reasoning about access control models, Proceedings of the sixth ACM symposium on Access control models and technologies, p.41-52, May 2001, Chantilly, Virginia, United States
	Avigdor Gal , Vijayalakshmi Atluri, An authorization model for temporal data, Proceedings of the 7th ACM conference on Computer and communications security, p.144-153, November 01-04, 2000, Athens, Greece
	Vijayalakshmi Atluri , Avigdor Gal, An authorization model for temporal and derived data: securing information portals, ACM Transactions on Information and System Security (TISSEC), v.5 n.1, p.62-94, February 2002
	Elisa Bertino , Barbara Carminati , Elena Ferrari, A temporal key management scheme for secure broadcasting of XML documents, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA
	Elisa Bertino , Jianping Fan , Elena Ferrari , Mohand-Said Hacid , Ahmed K. Elmagarmid , Xingquan Zhu, A hierarchical access control model for video database systems, ACM Transactions on Information Systems (TOIS), v.21 n.2, p.155-191, April 2003
	Wee Yeh Tan, Constraints-based access control, Proceedings of the fifteenth annual working conference on Database and application security, p.31-44, July 15-18, 2001, Niagara, Ontario, Canada
	Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: a temporal role-based access control model, Proceedings of the fifth ACM workshop on Role-based access control, p.21-30, July 26-28, 2000, Berlin, Germany
	Elisa Bertino , Moustafa A. Hammad , Walid G. Aref , Ahmed K. Elmagarmid, An access control model for video database systems, Proceedings of the ninth international conference on Information and knowledge management, p.336-343, November 06-11, 2000, McLean, Virginia, United States
	Elisa Bertino , Piero Andrea Bonatti , Elena Ferrari, TRBAC: A temporal role-based access control model, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.191-233, August 2001
	Elisa Bertino , Barbara Catania , Elena Ferrari , Paolo Perlasca, A logical framework for reasoning about access control models, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.71-127, February 2003
	Xinwen Zhang , Jaehong Park , Francesco Parisi-Presicce , Ravi Sandhu, A logical specification for usage control, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Steve Barker , Michael Leuschel , Mauricio Varea, Efficient and flexible access control via logic program specialisation, Proceedings of the 2004 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation, p.190-199, August 24-25, 2004, Verona, Italy
	François Siewe , Antonio Cau , Hussein Zedan, A compositional framework for access control policies enforcement, Proceedings of the 2003 ACM workshop on Formal methods in security engineering, p.32-42, October 30, 2003, Washington, D.C.
	Paolo Terenziani, Symbolic User-Defined Periodicity in Temporal Relational Databases, IEEE Transactions on Knowledge and Data Engineering, v.15 n.2, p.489-509, February 2003
	N. R. Adam , V. Atluri , E. Bertino , E. Ferrari, A Content-Based Authorization Model for Digital Libraries, IEEE Transactions on Knowledge and Data Engineering, v.14 n.2, p.296-315, March 2002
	Elisa Bertino , Ravi Sandhu, Database Security-Concepts, Approaches, and Challenges, IEEE Transactions on Dependable and Secure Computing, v.2 n.1, p.2-19, January 2005
	Steve Barker , Peter J. Stuckey, Flexible access control policy specification with constraint logic programming, ACM Transactions on Information and System Security (TISSEC), v.6 n.4, p.501-546, November 2003
	James B. D. Joshi , Elisa Bertino , Usman Latif , Arif Ghafoor, A Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Knowledge and Data Engineering, v.17 n.1, p.4-23, January 2005
	H. F. Wedde , Mario Lischka, Role-based access control in ambient and remote space, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Xinwen Zhang , Francesco Parisi-Presicce , Ravi Sandhu , Jaehong Park, Formal model and policy specification of usage control, ACM Transactions on Information and System Security (TISSEC), v.8 n.4, p.351-387, November 2005
	Rafae Bhatti , Arif Ghafoor , Elisa Bertino , James B. D. Joshi, X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control, ACM Transactions on Information and System Security (TISSEC), v.8 n.2, p.187-227, May 2005
	James B. D. Joshi , Elisa Bertino , Arif Ghafoor, An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Dependable and Secure Computing, v.2 n.2, p.157-175, April 2005
	Indrakshi Ray, Applying Semantic Knowledge to Real-Time Update of Access Control Policies, IEEE Transactions on Knowledge and Data Engineering, v.17 n.6, p.844-858, June 2005
	Stéphane Demri, LTL Over integer periodicity constraints, Theoretical Computer Science, v.360 n.1, p.96-123, 21 August 2006
	Daniele Gorla , Matthew Hennessy , Vladimiro Sassone, Inferring dynamic credentials for rôle-based trust management, Proceedings of the 8th ACM SIGPLAN symposium on Principles and practice of declarative programming, July 10-12, 2006, Venice, Italy
	Wonjun Lee , Anna C. Squicciarini , Elisa Bertino, An assessment of accountability policies for large-scale distributed computing systems, Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, April 13-15, 2009, Oak Ridge, Tennessee
	Meenakshi Balasubramanian , Abhishek Bhatnagar , Namit Chaturvedi , Atish Datta Chowdhury , Arul Ganesh, A framework for decentralized access control, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Claudio Bettini , Sushil Jajodia , X. Sean Wang , Duminda Wijesekera, Provisions and obligations in policy management and security applications, Proceedings of the 28th international conference on Very Large Data Bases, p.502-513, August 20-23, 2002, Hong Kong, China
	Qun Ni , Elisa Bertino , Jorge Lobo, An obligation model bridging access control policies and privacy policies, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA
	Tai Xin , Indrakshi Ray, A lattice-based approach for updating access control policies in real-time, Information Systems, v.32 n.5, p.755-772, July, 2007
	Song Fu , Cheng-Zhong Xu, Coordinated access control with temporal and spatial constraints on mobile execution in coalition environments, Future Generation Computer Systems, v.23 n.6, p.804-815, July, 2007
	Lavinia Egidi , Paolo Terenziani, A mathematical framework for the semantics of symbolic languages representing periodic time, Annals of Mathematics and Artificial Intelligence, v.46 n.3, p.317-347, March 2006
	Peter Revesz , Mengchu Cai, Efficient Querying and Animation of Periodic Spatio-Temporal Databases, Annals of Mathematics and Artificial Intelligence, v.36 n.4, p.437-457, December 2002
	Alessandro Colantonio , Roberto Di Pietro , Alberto Ocello, A cost-driven approach to role engineering, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
	Shermann S. Chan , Qing Li , José A. Pino, VideoAcM: a transitive and temporal access control mechanism for collaborative video database production applications, Multimedia Tools and Applications, v.29 n.1, p.29-53, April 2006
	Claudio Bettini , Roberto De Sibi, Symbolic representation of user-defined time granularities, Annals of Mathematics and Artificial Intelligence, v.30 n.1-4, p.53-92, 2000
	Claudio Bettini , Sushil Jajodia , X. Sean Wang , Duminda Wijesekera, Provisions and Obligations in Policy Rule Management, Journal of Network and Systems Management, v.11 n.3, p.351-372, September 2003
	Jiexing Li , Yufei Tao , Xiaokui Xiao, Preservation of proximity privacy in publishing numerical sensitive data, Proceedings of the 2008 ACM SIGMOD international conference on Management of data, June 09-12, 2008, Vancouver, Canada
	Lavinia Egidi , Paolo Terenziani, A modular approach to user-defined symbolic periodicities, Data & Knowledge Engineering, v.66 n.1, p.163-198, July, 2008
	Joseph Y. Halpern , Vicky Weissman, Using First-Order Logic to Reason about Policies, ACM Transactions on Information and System Security (TISSEC), v.11 n.4, p.1-41, July 2008
	Stéphane Demri , Régis Gascon, Verification of qualitative Z constraints, Theoretical Computer Science, v.409 n.1, p.24-40, December, 2008
	Xiaokui Xiao , Yufei Tao, Dynamic anonymization: accurate statistical analysis with privacy preservation, Proceedings of the 2008 ACM SIGMOD international conference on Management of data, June 09-12, 2008, Vancouver, Canada
	A. Prasad Sistla , Min Zhou, Analysis of dynamic policies, Information and Computation, v.206 n.2-4, p.185-212, February, 2008
	Curtis Dyreson , Richard T. Snodgrass , Faiz Currim , Sabah Currim , Shailesh Joshi, Weaving temporal and reliability aspects into a schema tapestry, Data & Knowledge Engineering, v.63 n.3, p.752-773, December, 2007
	Sarath Indrakanti , Vijay Varadharajan , Ritesh Agarwal, On the design, implementation and application of an authorisation architecture for web services, International Journal of Information and Computer Security, v.1 n.1/2, p.64-108, January 2007
	Steve Barker , Michael Leuschel , Mauricio Varea, Efficient and flexible access control via Jones-optimal logic program specialisation, Higher-Order and Symbolic Computation, v.21 n.1-2, p.5-35, June 2008
	Paolo Guarda , Nicola Zannone, Towards the development of privacy-aware systems, Information and Software Technology, v.51 n.2, p.337-350, February, 2009
	Steve Barker , Marek J. Sergot , Duminda Wijesekera, Status-Based Access Control, ACM Transactions on Information and System Security (TISSEC), v.12 n.1, p.1-47, October 2008
	Steve Barker, The next 700 access control models or a unifying meta-model?, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy

INDEX TERMS

Primary Classification:
H. Information Systems
H.2 DATABASE MANAGEMENT
H.2.7 Database Administration
Subjects: Security, integrity, and protection

General Terms:
Security

Keywords:
access control, periodic authorization, temporal constraints, time management

REVIEW

"Eduardo B. Fernandez : Reviewer"

An access control model is presented in which periodic temporal intervals are associated with authorizations. Authorizations are valid within a specific interval and are revoked at the end of the interval. The authors first define more...

Collaborative Colleagues:

Elisa Bertino: colleagues

Claudio Bettini: colleagues

Elena Ferrari: colleagues

Pierangela Samarati: colleagues

Adobe Acrobat

QuickTime

Windows Media Player

Real Player