3 TIAC Model
The TIAC model provides a formal semantic framework to extend existing authorization models with policies (e.g., restrictions) regarding the temporal relationships between subjects (e.g., user), objects (e.g., data) and the time of access.
In this section, a discussion of time and intervals provides a foundation for the
TIAC model. Then the elements that make up the TIAC model are described. These
elements are: 1) temporal entities, 2) the time interval access graph, 3) temporal
authorizations, 4) access requests, and 5) the evaluation of access requests.
3.1 Time and Intervals
Time is assumed to be a set of discrete points, $T$, which is isomorphic to the natural numbers and is linearly ordered with respect to the $<$ relation. Points in $T$ are used in representing time intervals.
Time intervals are represented using half-open intervals denoted as $\tau = [t^-, t^+)$ where $t^- < t^+$. Half-open intervals are used so that there are no semantic ambiguities about the point where two time intervals meet. A unit time interval is the smallest expressible interval. It has a duration of one where $t^+ = t^- + 1$. When referring to the current time a unit time interval is used. For discussion purposes, the current time will be referred to as $\mathit{now}.\tau = [\mathit{now}^-, \mathit{now}^+)$.
Time intervals are associated with subjects and objects, and temporal access
control policies (restrictions regarding the relationships between intervals) are
reasoned about using interval algebra.
3.2 Temporal Entities
Temporal entities are represented using the concept of subjects and objects similar to
those discussed by Graham et al., Lampson, and Weissman [8, 9, 10]. Subjects and
objects each have an associated time interval (attribute), which is used for making
access control decisions.
In the following definitions, $S_\tau = \{s_1, s_2, \ldots, s_n\}$ is the set of temporal subjects, and $O_\tau = \{o_1, o_2, \ldots, o_n\}$ is the set of temporal objects (i.e., the passive entities that hold data or information and are accessed by temporal subjects).
Definition 1 (Temporal Object, Temporal Subject). A temporal entity $\alpha$ is an object $o \in O_\tau$, or a subject $s \in S_\tau$, with which is associated a time interval $\tau = [t^-, t^+)$ where:
$\alpha.\tau$ designates the time interval associated with $\alpha$;
$\alpha.t^-$ designates the time point at the beginning of interval $\alpha.\tau$;
$\alpha.t^+$ designates the time point at the end of interval $\alpha.\tau$.
The time interval associated with a subject or object may be used to describe access constraints based on a temporal policy. For example, a time interval could be used to represent when a subject is valid or when an object may be accessed. Using interval algebra, it is possible to express policies regarding the temporal relations between a subject, an object, and a reference time interval such as $\mathit{now}.\tau$.
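The following is an added illustration, not code from the TIAC paper: it models half-open intervals, the unit interval $\mathit{now}.\tau$, temporal entities with the attribute $\alpha.\tau$, and a small interval-algebra relation function (Allen-style relations, with starts/finishes folded into during/contains, which is an assumption about the algebra the paper has in mind). The access policy at the end is a constructed sample ("subject valid and object accessible at now"), not a policy defined by the paper.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Interval:
    """Half-open interval [t-, t+) over discrete time points, with t- < t+."""
    t_minus: int
    t_plus: int

    def __post_init__(self) -> None:
        if self.t_minus >= self.t_plus:
            raise ValueError("half-open interval requires t- < t+")

    def is_unit(self) -> bool:
        # Smallest expressible interval: t+ = t- + 1.
        return self.t_plus == self.t_minus + 1

    def contains_point(self, t: int) -> bool:
        # Half-open: t+ itself is excluded, so adjacent intervals never share a point.
        return self.t_minus <= t < self.t_plus


def now_interval(now: int) -> Interval:
    """now.tau = [now-, now+): the unit interval for the current time point."""
    return Interval(now, now + 1)


@dataclass(frozen=True)
class TemporalEntity:
    """A temporal subject or object alpha carrying the attribute alpha.tau."""
    name: str
    tau: Interval


def relation(a: Interval, b: Interval) -> str:
    """Interval-algebra relation of a with respect to b (coarse Allen relations, assumption)."""
    if a.t_plus < b.t_minus: return "before"
    if a.t_plus == b.t_minus: return "meets"  # unambiguous: a.t+ is not a point of a
    if b.t_plus < a.t_minus: return "after"
    if b.t_plus == a.t_minus: return "met-by"
    if a == b: return "equals"
    if b.t_minus <= a.t_minus and a.t_plus <= b.t_plus: return "during"
    if a.t_minus <= b.t_minus and b.t_plus <= a.t_plus: return "contains"
    return "overlaps"


def access_permitted(subject: TemporalEntity, obj: TemporalEntity, now: int) -> bool:
    """Constructed sample policy: now.tau must lie within both the subject's and the object's interval."""
    n = now_interval(now)
    return all(relation(n, e.tau) in ("during", "equals") for e in (subject, obj))
```

With an object interval [1, 5), an access at time point 5 is refused: the half-open convention puts 5 in the next interval, not in the object's.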