An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model
Issue No.02 - April-June (2005 vol.2)
James B.D. Joshi , IEEE
Elisa Bertino , IEEE
Arif Ghafoor , IEEE
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2005.18
The Generalized Temporal Role-Based Access Control (GTRBAC) model provides a comprehensive set of temporal constraint expressions which can facilitate the specification of fine-grained time-based access control policies. However, the issue of the expressiveness and usability of this model has not been previously investigated. In this paper, we present an analysis of the expressiveness of the constructs provided by this model and illustrate that its constraints-set is not minimal. We show that there is a subset of GTRBAC constraints that is sufficient to express all the access constraints that can be expressed using the full set. We also illustrate that a nonminimal GTRBAC constraint set can provide better flexibility and lower complexity of constraint representation. Based on our analysis, a set of design guidelines for the development of GTRBAC-based security administration is presented.
Index Terms- Role-based access control, temporal constraint, expressiveness analysis, minimality.
James B.D. Joshi, Elisa Bertino, Arif Ghafoor, "An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model", IEEE Transactions on Dependable and Secure Computing, vol.2, no. 2, pp. 157-175, April-June 2005, doi:10.1109/TDSC.2005.18