TY - JOUR
T1 - AMTRAC
T2 - An administrative model for temporal role-based access control
AU - Sharma, Manisha
AU - Sural, Shamik
AU - Vaidya, Jaideep
AU - Atluri, Vijayalakshmi
N1 - Funding Information:
Jaideep Vaidya is an associate professor of Computer Information Systems at Rutgers University. He received the bachelor's degree in Computer Engineering at the University of Mumbai and master's and PhD degrees in Computer Science at Purdue University. His research interests are in privacy, security, data mining, and data management and he has published more than 90 papers in international conferences and journals. He is a recipient of US National Science Foundation Career Award and a Rutgers Board of Trustees Research Fellowship for Scholarly Excellence. He is a member of the IEEE Computer Society and a member of the ACM.
Funding Information:
Vijayalakshmi Atluri is a professor of computer information systems in the MSIS Department, and research director for the Center for Information Management, Integration and Connectivity at Rutgers University. She is currently a program director at US National Science Foundation. Her research interests include information security, spatial databases, multimedia and distributed systems. She has published extensively in premier journals and conferences. She was the recipient of the NSF CAREER Award, and the Rutgers University Research Award for untenured faculty for outstanding research contributions. She is a senior member of the IEEE Computer Society and a member of the ACM.
PY - 2013
Y1 - 2013
N2 - Over the years, Role Based Access Control (RBAC) has received significant attention in system security and administration. The Temporal Role Based Access Control (TRBAC) model is an extension of RBAC that allows one to specify periodic enabling and disabling of roles in a role enabling base (REB). While decentralized administration and delegation of administrative responsibilities in large RBAC systems is managed using an administrative role based access control model like ARBAC97, no administrative model for TRBAC has yet been proposed. In this paper, we introduce such a model and name it AMTRAC (Administrative Model for Temporal Role based Access Control). AMTRAC defines a broad range of relations that control user-role assignment, role-permission assignment, role-role assignment and role enabling base assignment. Since the first three are similar to those in ARBAC97, the role enabling base assignment component has been discussed in detail in this paper. The different ways by which role enabling conditions of regular roles can be modified are first explained. We then show how to specify which of the administrative roles are authorized to modify the role enabling conditions of any regular role. An exhaustive set of commands for authorization enforcement along with their pre and postconditions is also presented. Together, this would facilitate practical deployment and security analysis of TRBAC systems.
KW - Administrative command
KW - Administrative model
KW - Role enabling base assignment
KW - Role hierarchy
KW - Temporal RBAC
UR - http://www.scopus.com/inward/record.url?scp=84888862190&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84888862190&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2013.07.005
DO - 10.1016/j.cose.2013.07.005
M3 - Article
AN - SCOPUS:84888862190
SN - 0167-4048
VL - 39
SP - 201
EP - 218
JO - Computers and Security
JF - Computers and Security
IS - PART B
ER -