Supporting Periodic Authorizations and Temporal Reasoning in Database Access Control
Authors
Abstract
Several formal models for database access control have been proposed. However, little attention has been paid to temporal issues like authorizations with limited validity or obtained by deductive reasoning with temporal constraints. We present an access control model in which authorizations contain periodic temporal intervals of validity. An authorization is automatically granted in the time intervals specified by a periodic expression and revoked when such intervals expire. Deductive temporal rules with periodicity and order constraints are provided to derive new authorizations based on the presence or absence of other authorizations in specific periods of time. We prove the uniqueness of the set of implicit authorizations derivable at a given instant from the explicit ones, and we propose an algorithm to compute the global set of valid authorizations. The resulting model provides a high degree of flexibility and makes it possible to express several protection requirements that cannot be expressed in traditional access control models.
Similar resources
A Temporal Access Control Mechanism for Database Systems
This paper presents a discretionary access control model in which authorizations contain temporal intervals of validity. An authorization is automatically revoked when the associated temporal interval expires. The proposed model provides rules for the automatic derivation of new authorizations from those explicitly specified. Both positive and negative authorizations are supported. A formal defin...
The security architecture of IRO-DB
This paper describes the security architecture of the IRO-DB database federation, a system supporting interoperable access between relational and object-oriented databases. The security policy developed is a federated, administrative, discretionary access control policy supporting positive, negative, as well as implied authorizations. It includes a procedure for conflict resolution within the s...
Using Usage Control to Access XML Databases
XML documents usually contain private information that cannot be shared by every user community. It is widely used in web environments. XML databases are becoming increasingly important since they consist of XML documents. Several applications for supporting selective access to data are available over the web. Usage control has been considered as the next generation access control model with dist...
Temporal Authorizations Scheme for XML Document
In a large networking system, managing authorizations in a complicated XML document system is very difficult. Recently, Access Policy Sheet (APS) [6] was introduced to provide a solution to access control for XML systems. In this paper, we proposed a temporal access control scheme in APS where the propagation of authorization rights is assumed. The authorization policies can be automatically re...
Unified Index for Mobile Object Data and Authorizations
Often, enforcing security incurs overhead, and as a result may degrade the performance of a system. In this paper, we attempt to address this problem in the context of enforcing access control policies in a mobile data object environment. There are a number of applications that call for fine-grained specification of security policies in guaranteeing the confidentiality of data or privacy of ind...