Decentralized administration for a temporal access control model / E. Bertino, C. Bettini, E. Ferrari, P. Samarati. - In: INFORMATION SYSTEMS. - ISSN 0306-4379. - 22:4(1997 Jun), pp. 223-248.

Decentralized administration for a temporal access control model

E. Bertino (first author); C. Bettini (second author); P. Samarati (last author)
1997

Abstract

In this paper we present a temporal access control model that provides for decentralized administration of authorizations. Each access authorization, negative or positive, is associated with a time interval limiting its validity. When the interval expires, the authorization is automatically revoked. The model also permits the specification of rules, based on four different temporal operators, to derive additional authorizations from the presence or absence of other authorizations. Users creating objects can retain complete control over their objects or delegate to other users the privilege of administering accesses on the objects. Delegation can also be selectively enforced with reference to specific access modes or time intervals. The resulting model provides a high degree of flexibility and allows the expression of several protection requirements that cannot be expressed in traditional access control models.
Access Control; Authorization Administration; Database Management; Database Security; Temporal Authorization
Sector INF/01 - Computer Science
Jun-1997
Article (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/179738