• Media type: E-Article
  • Title: TRBAC: A temporal role-based access control model
  • Contributor: Bertino, Elisa; Bonatti, Piero Andrea; Ferrari, Elena
  • Published: Association for Computing Machinery (ACM), 2001
  • Published in: ACM Transactions on Information and System Security, 4 (2001) 3, pages 191-233
  • Language: English
  • DOI: 10.1145/501978.501979
  • ISSN: 1094-9224; 1557-7406
  • Description: Role-based access control (RBAC) models are receiving increasing attention as a generalized approach to access control. Roles may be available to users at certain time periods, and unavailable at others. Moreover, there can be temporal dependencies among roles. To tackle such dynamic aspects, we introduce Temporal-RBAC (TRBAC), an extension of the RBAC model. TRBAC supports periodic role enabling and disabling (possibly with individual exceptions for particular users) and temporal dependencies among such actions, expressed by means of role triggers. Role trigger actions may be either immediately executed, or deferred by an explicitly specified amount of time. Enabling and disabling actions may be given a priority, which is used to solve conflicting actions. A formal semantics for the specification language is provided, and a polynomial safeness check is introduced to reject ambiguous or inconsistent specifications. Finally, a system implementing TRBAC on top of a conventional DBMS is presented.