Generalized Temporal Role Based Access Control Model (GTRBAC) Part II Expressiveness and Design Issues

The Generalized Temporal Role Based Access Control (GTRBAC) model introduces a large set oftemporal constraint expressions that facilitates the specification of a comprehensive accesscontrol policy. However, the issue of its expressiveness has not been investigated earlier. In thispaper, we present an exhaustive analysis of the expressiveness of the constructs provided byGTRBAC and prove that the set of constraints is not minimal by showing that there is a subset ofGTRBAC constraints that is sufficient to express all access constraints that can be expressedusing the full set. We formally present the minimality result for the GTRBAC constraint set andargue that, although the complete set of constraints in GTRBAC is not minimal, having such anextensive set is advantageous from the perspective of user convenience and the lower complexityof constraint representation. Based on our analysis, we present a set of design guidelines that canconsiderably enhance security management.