Supporting Periodic Authorizations and Temporal Reasoning in Database Access Control

Several formal models for database access control have been proposed. However, little attention has been paid to temporal issues like authorizations with limited validity or obtained by deductive reasoning with temporal constraints. We present an access control model in which authorizations contain periodic temporal intervals of validity. An authorization is automatically granted in the time intervals specified by a periodic expression and revoked when such intervals expire. Deductive temporal rules with periodicity and order constraints are provided to derive new authorizations based on the presence or absence of other authorizations in specific periods of time. We prove the uniqueness of the set of implicit authorizations derivable at a given instant from the explicit ones, and we propose an algorithm to compute the global set of valid authorizations. The resulting model provides a high degree of flexibility and allows to express several protection requirements that cannot be expressed in traditional access control models.