Analyzing temporal role based access control models

Emre Uzun, Vijayalakshmi Atluri, Shamik Sural, Jaideep Vaidya, Gennaro Parlato, Anna Lisa Ferrara, P. Madhusudan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Today, Role Based Access Control (RBAC) is the de facto model used for advanced access control, and is widely deployed in diverse enterprises of all sizes. Several extensions to the authorization as well as the administrative models for RBAC have been adopted in recent years. In this paper, we consider the temporal extension of RBAC (TRBAC), and develop safety analysis techniques for it. Safety analysis is essential for understanding the implications of security policies both at the stage of specification and modification. Towards this end, in this paper, we first define an administrative model for TRBAC. Our strategy for performing safety analysis is to appropriately decompose the TRBAC analysis problem into multiple subproblems similar to RBAC. Along with making the analysis simpler, this enables us to leverage and adapt existing analysis techniques developed for traditional RBAC. We have adapted and experimented with employing two state-of-the-art analysis approaches developed for RBAC as well as tools developed for software testing. Our results show that our approach is both feasible and flexible.

Original language: English (US)
Title of host publication: SACMAT'12 - Proceedings of the 17th ACM Symposium on Access Control Models and Technologies
Pages: 177-186
Number of pages: 10
State: Published - 2012
Event: 17th ACM Symposium on Access Control Models and Technologies, SACMAT'12 - Newark, NJ, United States
Duration: Jun 20 2012 → Jun 22 2012

Publication series

Name: Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

Other: 17th ACM Symposium on Access Control Models and Technologies, SACMAT'12
Country/Territory: United States
City: Newark, NJ
Period: 6/20/12 → 6/22/12

Keywords

  • Access control
  • Safety analysis
  • Temporal RBAC

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems
