Information Technology Reference
In-Depth Information
visiting the results obtained so far, Sandhu [11] and Soshi [14] expanded the
HRU model by typing subjects and objects. The papers [3,5,12] formulated role-
based access control, RBAC, a model within which the right for a subject to
have access to an object depends both on the roles assigned to the subject and
on the permissions allocated to the object. In this connection see also [4]. RBAC
has recently attracted a great deal of attention. However, nothing is known
about role-based protection systems for which the safety problem is decidable.
An interesting extensions of HRU is HRU with explicit prohibitions saying that
“subject
s
has not right
r
on object
o
”. The essential ingredients of this variant of
the HRU model have been introduced by Sandhu and Ganta [13]. Nevertheless,
nothing is known about protection systems with explicit prohibitions for which
the safety problem is decidable. In [10], an access control mechanism based on
Boolean expression evaluation, BEE, is presented. This mechanism defines ele-
ments of the matrix to be sets of pairs of the form (
r, B
)where
r
is a right and
B
is a Boolean expression. Whenever subject
s
attempts to
r
-access object
o
,the
Boolean expression associated with
r
in element (
s, o
) of the matrix is evaluated:
if it is true, access is allowed. Yet, nothing is known about protection systems
with Boolean expression evaluation for which the safety problem is decidable.
In practice, computer systems provide primitives such as “
date
”whichcor-
responds to the current date and “
time
” which corresponds to the current time.
Incorporating them into access decisions based on BEE would afford an excel-
lent example of an access control matrix whose elements depend on temporal
requirements. Since temporal requirements are involved in every aspect of human
activity and computing, it becomes essential to develop protection systems which
can take temporal constraints into account. The temporal role-based access con-
trol model proposed by Bertino, Bonatti, and Ferrari [1] provides support for
periodic role enabling and disabling whereas the temporal data authorization
model proposed by Gal and Atluri [6] is able to express access control poli-
cies based on the temporal characteristics of data. In this paper we investigate
the description of a HRU model incorporating temporal constraints saying that
“subject
s
has right
r
on object
o
since at least duration
d
”. The bulk of this
paper is devoted to the problem of trying to characterize the borderline between
decidable and undecidable cases of the safety problem for HRU with temporal
constraints. Before we proceed with the next sections, let us briefly describe
their contents. Section 2 presents the concept of protection state in matrix form
and defines a set of primitive operations that alter the access control matrix of
computer systems. Section 3 deals with HRU protection systems and examines
under what conditions the classical safety problem for access control matrices
becomes decidable. Section 4 expands the HRU model by incorporating tem-
poral constraints and extends the concept of safety defined within the context
of HRU protection systems to the concept of timed safety. Section 5 considers
under what conditions the timed safety problems defined within the context of
timed protection systems become decidable.
