• PDF / 368,039 Bytes
• 16 Pages / 430 x 660 pts Page_size
• 107 Downloads / 144 Views

DOWNLOAD

REPORT

School of Information Technology Department of Computer Science & Engineering Indian Institute of Technology, Kharagpur, India {subhendu@sit,shamik@sit,akmj@cse}.iitkgp.ernet.in 2

Abstract. Role Based Access Control (RBAC) has emerged as an important access control paradigm in computer security. However, the access decisions that can be taken in a system implementing RBAC do not include many relevant factors like user location, system location, system time, etc. We propose a spatiotemporal RBAC Model (STARBAC) which reasons in spatial and temporal domain in tandem. STARBAC control command enables or disables role based on spatiotemporal conditions. The new model is able to specify a number of different types of important access requirements not expressible in existing variations of RBAC model like GEORBAC and TRBAC. The specification language we present here is powerful enough to allow logical connectives like AND (∧) and OR (∨) over spatiotemporal conditions. Keywords: Access control, STARBAC, spatiotemporal reference, role command, spatiotemporal satisfiability.

1

Introduction

Access control models are of prime interest in Computer Security. The models are meant to express various complex access control needs relevant to resource protection in real world. In this respect, Role Based Access Control Model (RBAC) has been found to be more useful compared to other access control models like Lattice based access control and Matrix based access control. The main advantage of RBAC is the organization power of role. Roles are found to be inherently natural [1] and they express a single unit of job function in an organization. But when mediating resource access request from a user, the decision also depends on criteria other than only user’s membership in role as proposed in RBAC [2,3]. The final decision whether to allow or deny one request often depends on factors like ”where the user is”, ”what the current time is”, ”how much the resource load is”, etc. Let us try to get the idea clear with a real world example. Suppose a college authority has set an access policy like ”Students should be allowed to download bulk data from the Internet only at night ” or parents at smart home want ”Children should watch only movie rated G on living room television”. The standard RBAC model [1,4] has been found to be incapable of handling such R. Meersman and Z. Tari et al. (Eds.): OTM 2007, Part II, LNCS 4804, pp. 1567–1582, 2007. c Springer-Verlag Berlin Heidelberg 2007 

1568

S. Aich, S. Sural, and A.K. Majumdar

requirements. Two most crucial factors on which any access decision depends heavily are location and time. The dependency may be both on user location and resource location (especially when an object is mobile in nature). Similarly, both current user time and resource time could be important when the entities are situated geographically apart at different time zones. The influence of spatial context and system time in RBAC access decision has been studied extensively [5,11,13,14,15]. Various models have been proposed extend

Recommend Documents

On matrix-valued wave packet frames in $$L^2({\mathbb {R}}^d, {\mathbb {C}}^{s\times r})$$ L 2 ( R d , C s

187 61 408KB

Higher spin $${{\mathfrak {s}}}{{\mathfrak {l}}}_2$$ s l 2 R -matrix from equivariant (co)homology

144 30 533KB

ER 2 C SDMLC: e nterprise r elease r isk- c entric s ystems d evelopment and m aintenance l ife c ycle

144 62 926KB

COM/OLE

140 5 239KB

A Characterization of Harmonic $$L^r$$ L r -Vector Fields in Two-Dimensional Exterior Domains

152 39 349KB

M R S Europe

179 87 140KB

Hepatitis Types A, B, C

178 60 35MB

Crumlin-Pedersen, Ole

128 15 449MB

B-S (Boron-Sulfur)

165 104 191KB

Basic: B io-Inspired A ssembly of S emiconductor I ntegrated C ircuitsod]20110317

129 29 669KB

Letter to the Editor in Response to: Liu C, Luan J, Ouyang Y, Zhuang Y, Xu B, Chen L, Li S, Fu S, Xin M. Breast Reconstr

108 29 165KB

Correction to: On the $$L^{r}$$ L r Hodge theory in complete non compact Riemannian manifolds

160 103 189KB