An Administrative Model for Spatio-Temporal Role Based Access Control

In the present computing environment, access control decisions are often based on contextual information like the location of users and objects as well as the time of making an access request. Several variants of Role based Access Control RBAC have recently been proposed that support spatio-temporal policy specifications. However, unlike the administrative models available for RBAC, there is no reported literature on complete administrative models for spatio-temporal role based access control. In this paper, we introduce an administrative model for the recently proposed ESTARBAC Enhanced Spatio-temporal Role based Access Control model and name it as ADMINESTAR Administrative model for Enhanced Spatio-Temporal Role based Access Control. ADMINESTAR defines a broad range of administrative rules and administrative operations. An instance of the set of administrative rules frames the currently effective administrative policy for the system. Administrative rules specify which administrative role can change which ESTARBAC entity. These ESTARBAC entities together define the system state which can be changed by administrative operations upon their successful execution under the control of defined administrative policies. ADMINESTAR would help in practical deployment of spatio-temporal role based access control systems and also provide a means for their formal security analysis.

[1]  Manachai Toahchoodee,et al.  On the formalization and analysis of a spatio-temporal role-based access control model , 2011, J. Comput. Secur..

[2]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[3]  Ninghui Li,et al.  Towards Formal Verification of Role-Based Access Control Policies , 2008, IEEE Transactions on Dependable and Secure Computing.

[4]  Sylvia L. Osborn Mandatory access control and role-based access control revisited , 1997, RBAC '97.

[5]  Shamik Sural,et al.  STARBAC: Spatio temporal Role Based Access C ontrol , 2007, OTM Conferences.

[6]  Zahir Tari,et al.  On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS, OTM Confederated International Conferences CoopIS, DOA, ODBASE, GADA, and IS 2007, Vilamoura, Portugal, November 25-30, 2007, Proceedings, Part II , 2007, OTM Conferences.

[7]  Elisa Bertino,et al.  TRBAC: a temporal role-based access control model , 2000, RBAC '00.

[8]  Ravi S. Sandhu,et al.  The ARBAC99 model for administration of roles , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[9]  Ravi S. Sandhu,et al.  A model for role administration using organization structure , 2002, SACMAT '02.

[10]  Manachai Toahchoodee,et al.  A Spatio-temporal Role-Based Access Control Model , 2007, DBSec.

[11]  Manachai Toahchoodee,et al.  Using alloy to analyse a spatio-temporal access control model supporting delegation , 2009, IET Inf. Secur..

[12]  Ninghui Li,et al.  Administration in role-based access control , 2007, ASIACCS '07.

[13]  Shamik Sural,et al.  Role Based Access Control with Spatiotemporal Context for Mobile Applications , 2009, Trans. Comput. Sci..

[14]  Elisa Bertino,et al.  A generalized temporal role-based access control model , 2005, IEEE Transactions on Knowledge and Data Engineering.

[15]  Ravi S. Sandhu,et al.  Configuring role-based access control to enforce mandatory and discretionary access control policies , 2000, TSEC.

[16]  Elisa Bertino,et al.  GEO-RBAC: a spatially aware RBAC , 2005, SACMAT '05.

[17]  Indrakshi Ray,et al.  LRBAC: A Location-Aware Role-Based Access Control Model , 2006, ICISS.