Title :
An analysis of expressiveness and design issues for the generalized temporal role-based access control model
Author :
Joshi, James B D ; Bertino, Elisa ; Ghafoor, Arif
Author_Institution :
Dept. of Inf. Sci. & Telecommun., Pittsburgh Univ., PA, USA
Abstract :
The generalized temporal role-based access control (GTRBAC) model provides a comprehensive set of temporal constraint expressions which can facilitate the specification of fine-grained time-based access control policies. However, the issue of the expressiveness and usability of this model has not been previously investigated. In this paper, we present an analysis of the expressiveness of the constructs provided by this model and illustrate that its constraints-set is not minimal. We show that there is a subset of GTRBAC constraints that is sufficient to express all the access constraints that can be expressed using the full set. We also illustrate that a nonminimal GTRBAC constraint set can provide better flexibility and lower complexity of constraint representation. Based on our analysis, a set of design guidelines for the development of GTRBAC-based security administration is presented.
Keywords :
authorisation; expressiveness analysis; fine-grained time-based access control; generalized temporal role-based access control model; security administration; temporal constraint expressions; Access control; Guidelines; Permission; Robust control; Security; Telecommunication computing; Timing; Usability; Web and internet services; Workflow management software; Index Terms- Role-based access control; expressiveness analysis; minimality.; temporal constraint;
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
DOI :
10.1109/TDSC.2005.18
