3.3 Time Interval Access Graph $\phi$

The TIAC model introduces the time interval access graph, $\phi$. $\phi$ is a consistent instantiation of a three-vertex IA network that defines access constraints on the temporal relations between subjects and objects, and a reference time interval ($\tau_{ref}$). A consistent version of any three-node access graph can be efficiently determined [1, 2, 3].

Definition 2 (Time Interval Access Graph $\phi$). The time interval access graph $\phi$ is a consistent instantiation of a three-vertex IA network $G = (V, E)$ where:

$V$    $\{ s.\tau,\ o.\tau,\ \tau_{ref} \}$
$E$    $\{ (s.\tau, o.\tau),\ (\tau_{ref}, s.\tau),\ (\tau_{ref}, o.\tau) \}$
$R$    $\{ <, >, d, di, o, oi, m, mi, s, si, f, fi, = \}$
$\gamma : E \to \wp(R)$    a disjunctive set function that specifies the temporal relations allowed between a pair of vertices

For example, $\phi$ could be instantiated with the following:

$s.\tau = [5, 20)$, $o.\tau = [10, 15)$, and $\tau_{ref} = [11, 12)$

$\gamma(s.\tau, o.\tau) = \{ \text{includes} \}$, $\gamma(\tau_{ref}, s.\tau) = \{ \text{starts}, \text{during} \}$, and $\gamma(\tau_{ref}, o.\tau) = \{ \text{during} \}$

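
The example instantiation above can be checked mechanically. The following Python is an added illustration, not code from the TIAC paper: it computes the Allen relation between half-open intervals and tests each edge of the graph against the relations its constraint set allows. The name-to-symbol mapping (includes = di, starts = s, during = d), the reading of "starts during" as two relations, and all function names are assumptions.

```python
# Added example (not from the TIAC paper): evaluate the page's sample
# instantiation of the access graph against its gamma constraints.

def allen(a, b):
    """Return the symbol r from R such that 'a r b' holds for intervals [start, end)."""
    (a0, a1), (b0, b1) = a, b
    if a0 >= a1 or b0 >= b1:
        raise ValueError("intervals must be non-empty with start < end")
    if a1 < b0: return "<"
    if b1 < a0: return ">"
    if a1 == b0: return "m"
    if b1 == a0: return "mi"
    if a0 == b0 and a1 == b1: return "="
    if a0 == b0: return "s" if a1 < b1 else "si"
    if a1 == b1: return "f" if a0 > b0 else "fi"
    if b0 < a0 and a1 < b1: return "d"
    if a0 < b0 and b1 < a1: return "di"
    return "o" if a0 < b0 else "oi"  # only partial overlap remains

# Assumption: the relation names in the page's example map to these symbols of R.
NAMES = {"includes": "di", "starts": "s", "during": "d"}

def check_edges(intervals, gamma):
    """Map each edge (u, v) to (actual relation, whether gamma allows it)."""
    out = {}
    for (u, v), allowed in gamma.items():
        rel = allen(intervals[u], intervals[v])
        out[(u, v)] = (rel, rel in {NAMES.get(n, n) for n in allowed})
    return out

def satisfies_graph(intervals, gamma):
    """True only if every edge's actual relation is in its allowed set."""
    return all(ok for _, ok in check_edges(intervals, gamma).values())

# Values from the page's example; "starts during" is read as two relations.
INTERVALS = {"s.tau": (5, 20), "o.tau": (10, 15), "tau_ref": (11, 12)}
GAMMA = {
    ("s.tau", "o.tau"): {"includes"},
    ("tau_ref", "s.tau"): {"starts", "during"},
    ("tau_ref", "o.tau"): {"during"},
}

if __name__ == "__main__":
    for edge, (rel, ok) in check_edges(INTERVALS, GAMMA).items():
        print(edge, rel, "allowed" if ok else "violates gamma")
    print("satisfied:", satisfies_graph(INTERVALS, GAMMA))
```

Moving the reference interval to [16, 18) keeps it during the subject's interval but places it after the object's interval, so the third edge fails and the graph as a whole is no longer satisfied.
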
3.4 Temporal Authorizations

Policies often distinguish between different "modes" in which a subject may access an object (e.g., observe, modify, execute, append). A temporal authorization $A_\tau$ is a mapping of a subject-object pair to a set of mode-$\phi$ pairs, which completely defines the temporal authorization policy for the subject with respect to that object. For simplicity of presentation, it is assumed herein that there is only one mode-$\phi$ pair per subject-object pair.

Definition 3 (Temporal Authorization). A temporal authorization $A_\tau$ is defined as a 4-tuple $(s, o, m, \phi)$ where:

$s$    $S_\tau$    temporal subject
$o$    $O_\tau$    temporal object
$m$    $M$    allowed mode(s) of access
$\phi$    time interval access graph that describes the temporal restrictions on the use of $o$

A temporal authorization $A_\tau = (s, o, m, \phi)$ states that a subject $s$ is allowed $m$ access to object $o$ as restricted by the time interval access graph $\phi$. For a given policy instantiation, $\tau$ is the set of temporal authorizations.

3.5 Access Requests

A temporal subject, to gain access to a temporal object, initiates an access request for
a given mode of access to occur at a particular time. In the most general form,
temporal requests would specify an arbitrary time in the past, present and future. For
simplicity in this discussion, requests will be characterized relative to now.
τ
. There