A fine-grained time-constraint role-based access control using OCL

The user-role and role-permission mappings are two of the most important processes in access control. Most present access control models do not consider time constraints. This paper presents a novel access control model with fine-grained time constraints expressed in OCL (Object Constraint Language). First, we define several terms, such as time points and time spans, which have flexible granularity. Second, four kinds of time constraints are proposed. Finally, we illustrate some useful applications of the four time constraints using OCL. By adding fine-grained time constraints to the entities and the mapping operations in the access control model, we conclude that our access model can adapt to real applications freely and efficiently.
