On Spatio-Temporal Constraints and Inheritance in Role-Based Access Control

Liang Chen, Jason Crampton

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

27 Citations (Scopus)

Abstract

Pervasive computing environments have created a requirement for spatial- and temporal-aware access control systems. Although temporal, spatial and spatio-temporal role-based access control (RBAC) models have been developed, a family of simple, expressive and flexible models that convincingly addresses the interaction between spatio-temporal constraints and inheritance in RBAC does not yet exist. In this paper, we define three spatio-temporal models based on RBAC96, the de facto standard for RBAC, and extend these models to include activation and usage hierarchies. These models provide different authorization semantics, varying in the extent to which RBAC entities and relations are constrained by spatio-temporal restrictions. We introduce the notion of trusted entities, which are used to selectively override certain spatio-temporal restrictions. We also demonstrate that our spatio-temporal models are consistent and compatible with RBAC96 and the ANSI-RBAC standard, in contrast to existing models. Finally, we propose four approaches to encoding spatio-temporal requirements in practical applications that permit access requests to be answered efficiently.

Original language: English
Title of host publication: Proceeding ASIACCS '08 Proceedings of the 2008 ACM symposium on Information, computer and communications security
Place of Publication: New York
Publisher: ACM Press
Pages: 205-216
Number of pages: 12
ISBN (Print): 978-1-59593-979-1
DOIs: https://doi.org/10.1145/1368310.1368341
Publication status: Published - 2008
Event: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security - Tokyo, Japan
Duration: 18 Mar 2008 to 20 Mar 2008

Conference

Conference: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security
Country: Japan
City: Tokyo
Period: 18/03/08 to 20/03/08

Fingerprint

Access control
Ubiquitous computing
Chemical activation
Semantics
Control systems

Cite this

Chen, L., & Crampton, J. (2008). On Spatio-Temporal Constraints and Inheritance in Role-Based Access Control. In Proceeding ASIACCS '08 Proceedings of the 2008 ACM symposium on Information, computer and communications security (pp. 205-216). New York: ACM Press. https://doi.org/10.1145/1368310.1368341

On Spatio-Temporal Constraints and Inheritance in Role-Based Access Control. / Chen, Liang; Crampton, Jason.

Proceeding ASIACCS '08 Proceedings of the 2008 ACM symposium on Information, computer and communications security. New York: ACM Press, 2008. p. 205-216.

Chen, L & Crampton, J 2008, On Spatio-Temporal Constraints and Inheritance in Role-Based Access Control. in Proceeding ASIACCS '08 Proceedings of the 2008 ACM symposium on Information, computer and communications security. ACM Press, New York, pp. 205-216, Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, Tokyo, Japan, 18/03/08. https://doi.org/10.1145/1368310.1368341

Chen L, Crampton J. On Spatio-Temporal Constraints and Inheritance in Role-Based Access Control. In Proceeding ASIACCS '08 Proceedings of the 2008 ACM symposium on Information, computer and communications security. New York: ACM Press. 2008. p. 205-216 https://doi.org/10.1145/1368310.1368341

Chen, Liang; Crampton, Jason. / On Spatio-Temporal Constraints and Inheritance in Role-Based Access Control. Proceeding ASIACCS '08 Proceedings of the 2008 ACM symposium on Information, computer and communications security. New York: ACM Press, 2008. pp. 205-216

@inproceedings{be6dbfdad4be46ec819d1c2136d2ef51,
title = "On Spatio-Temporal Constraints and Inheritance in Role-Based Access Control",
author = "Liang Chen and Jason Crampton",
year = "2008",
doi = "10.1145/1368310.1368341",
language = "English",
isbn = "978-1-59593-979-1",
pages = "205--216",
booktitle = "Proceeding ASIACCS '08 Proceedings of the 2008 ACM symposium on Information, computer and communications security",
publisher = "ACM Press",

}

TY - GEN

T1 - On Spatio-Temporal Constraints and Inheritance in Role-Based Access Control

AU - Chen, Liang

AU - Crampton, Jason

PY - 2008

Y1 - 2008

U2 - 10.1145/1368310.1368341

DO - 10.1145/1368310.1368341

M3 - Conference contribution

SN - 978-1-59593-979-1

SP - 205

EP - 216

BT - Proceeding ASIACCS '08 Proceedings of the 2008 ACM symposium on Information, computer and communications security

PB - ACM Press

CY - New York

ER -