Information Technology Reference
In-Depth Information
Foundation for a Time Interval Access Control Model
Francis B. Afinidad, Timothy E. Levin, Cynthia E. Irvine, and Thuy D. Nguyen
Computer Science Department, Naval Postgraduate School
Monterey, CA 93943, USA
{fbafinid, levin, irvine, tdnguyen}@nps.edu
Abstract.
A new model for representing temporal access control policies is
introduced. In this model, temporal authorizations are represented by time
attributes associated with both subjects and objects, and a “time interval access
graph.” The time interval access graph is used to define constraints on the
temporal relations between subjects and objects. Interval algebra is used to
define and analyze the time interval access graph.
1
Introduction
In many commercial and military environments, time is often a critical factor for
making decisions regarding authorization or access to information. The value or
sensitivity of data and processes has become more dependent upon time attributes.
Thus, future information systems will need to support system-wide security policies
that incorporate time as a decision factor. To this end, a
Time Interval Access Control
(TIAC) model has been developed.
A significant contribution of the TIAC model is that it provides formal semantics
to express temporal authorization policies, in which temporal attributes of subjects
and objects are used to determine authorized accesses. The TIAC model differs from
previously proposed models such as the
Temporal Authorization Model
by Bertino et
al. [5, 6] and the
Temporal Data Authorization Model
by Gal and Atluri [4, 7],
primarily in its ability to specify temporal relations between subjects and objects.
Another contribution of the TIAC model is that it is the first use of interval algebra
[3] to express a temporal access control policy. This algebra provides the necessary
expressive power to logically describe a temporal access control policy, and a precise
and efficient way to computationally reason about the temporal relation between
subjects and objects and associated access constraints. Policy enforcement
mechanisms and the modeling of the effectiveness of those mechanisms with respect
to the type of temporal authorizations describable in TIAC are outside of the scope of
this paper (see [1]).
A brief discussion of interval algebra is presented in Section 2. Section 3 provides
a description of the TIAC model, where we establish the definition of time intervals
and discuss the formal semantics used for representing temporal authorizations and
access requests. Finally, future work and conclusions are presented in Section 4.
