This paper presents a discretionary access control model in which authorizations contain temporal intervals of validity. An authorization is automatically revoked when the associated temporal interval expires. The proposed model provides rules for the automatic derivation of new authorizations from those explicitly specified. Both positive and negative authorizations are supported. A formal definition of these concepts is presented in the paper, together with the semantic interpretation of authorizations and derivation rules as clauses of a general logic program. Issues deriving from the presence of negative authorizations are discussed. We also allow negation in rules: it is possible to derive new authorizations on the basis of the absence of other authorizations. The presence of this type of rule may lead to the generation of different sets of authorizations, depending on the evaluation order. An approach is presented, based on establishing an ordering among authorizations and derivation rules, which guarantees a unique set of valid authorizations. Moreover, we give an algorithm for detecting whether such an ordering can be established for a given set of authorizations and rules. Administrative operations for adding, removing, or modifying authorizations and derivation rules are presented, and efficiency issues related to these operations are also addressed in the paper. A materialization approach is proposed that allows access control to be performed efficiently.