Information Technology Reference
In-Depth Information
are two types of access requests:
general access requests
and
duration access
requests
.
Definition 4 (General Access Request).
A general access request
R
g
τ
is a 4-tuple (s,
o, m, now.
τ
) where:
s
∈
S
τ
is a temporal subject
o
∈
O
τ
is a temporal object
m
⊂
M
is a mode(s) of access
now.
τ
is the time of access request
A general access request
R
g
τ
(
s
,
o
,
m
,
now.
τ
) states that a subject
s
requests
m
access
to object
o
at time
now
.
. Implicit in this form of request is that the subject would be
granted access for the maximum duration allowed by the access graph
τ
ϕ
associated
with
s
and
o
(if any exists).
Definition 5 (Duration Access Request).
A duration access request
R
d
τ
is a 5-tuple
(s, o, m, now.
τ
,
δ
) where:
s
∈
S
τ
is a temporal subject
o
∈
O
τ
is a temporal object
m
⊂
M
is the mode(s) of access
now.
τ
is the time of the access request
δ
is the requested duration of access
A duration access request
R
d
τ
(
s, o, m
,
now.
τ
,
δ
) states that a subject
s
requests
m
access to object
o
for a duration
δ
.
3.6
Evaluation of Access Requests
An access request is evaluated as follows: the set of temporal authorizations
Ω
τ
is
searched for a matching subject-object pair. If no match is found, access is denied. If
a match is found, the requested mode is compared to the allowed mode, and then the
time interval access graph
is interpreted relative to the requested interval, to grant or
deny access. This process is specified in the boolean functions
Eval_g
and
Eval_d
.
ϕ
Eval_g
(
R
g
τ
(
s
,
o
,
m
,
now
.
τ
)) ⇒
∃
(
s
′
,
o
′
,
m
′
,
ϕ
)
∈
Ω
τ
(
s = s
′
∧
o = o
′
∧
m
⊂
m
′
∧
ϕ
=
true when evaluated using
s
.
τ
,
o
.
τ
, and
now
.
τ
)
Eval_d
(
R
d
τ
(
s
,
o
,
m
,
now
.
τ
,
δ
)) ⇒
∃
(
s
′
,
o
′
,
m
′
,
ϕ
)
∈
Ω
τ
(
s = s
′
∧
o = o
′
∧
m
⊂
m
′
∧
ϕ
=
true when evaluated using
s
.
τ
,
o
.
τ
, and
now
.
τ
+
δ
)
Note:
now
.
τ
+
δ
= [
now-
,
now-
+
ϕ
)
4
Conclusion and Future Research
In this short paper, we have presented the TIAC model as a novel way to specify
temporal access control policies. This model is able to formally specify temporal
