AMTRAC: An administrative model for temporal role-based access control

摘要

Over the years, Role Based Access Control (RBAC) has received significant attention in system security and administration. The Temporal Role Based Access Control (TRBAC) model is an extension of RBAC that allows one to specify periodic enabling and disabling of roles in a role enabling base (REB). While decentralized administration and delegation of administrative responsibilities in large RBAC systems is managed using an administrative role based access control model like ARBAC97, no administrative model for TRBAC has yet been proposed. In this paper, we introduce such a model and name it AMTRAC (Administrative Model for Temporal Role based Access Control). AMTRAC defines a broad range of relations that control user-role assignment, role-permission assignment, role-role assignment and role enabling base assignment. Since the first three are similar to those in ARBAC97, the role enabling base assignment component has been discussed in detail in this paper. The different ways by which role enabling conditions of regular roles can be modified are first explained. We then show how to specify which of the administrative roles are authorized to modify the role enabling conditions of any regular role. An exhaustive set of commands for authorization enforcement along with their pre and postconditions is also presented. Together, this would facilitate practical deployment and security analysis of TRBAC systems.