An authorization model for temporal and derived data: securing information portals

  • Authors:
  • Vijayalakshmi Atluri;Avigdor Gal

  • Affiliations:
  • Rutgers University, Newark, NJ;Rutgers University, Newark, NJ

  • Venue:
  • ACM Transactions on Information and System Security (TISSEC)
  • Year:
  • 2002

Quantified Score

Hi-index 0.00

Visualization

Abstract

The term information portals refers to Web sites that serve as main providers of focused information, gathered from distributed data sources. Gathering and disseminating information through information portals introduce new security challenges. In particular, the authorization specifications, as well as the granting process, are temporal by nature. Also, more often than not, the information provided by the portal is in fact derived from more than one backend data source. Therefore, any authorization model for information portals should support access control based on temporal characteristics of the data, and also should provide tools to prevent indirect unauthorized access through the use of derived data. In this article we focus our attention on devising such an authorization model. The distinguishing features of this model include: (1) the specification of authorizations based on temporal characteristics of data, and (2) a formal framework to derive authorizations in a consistent and safe manner, based on relationships among data.