GTHBAC: A Generalized Temporal History Based Access Control Model

Telecommunication Systems

Abstract

Time plays a crucial role in access control for new computing environments, yet traditional access control models do not support it. In this paper, we propose a Generalized Temporal History Based Access Control (GTHBAC) model, aimed at integrating history-based constraints with a generic access control model. GTHBAC enhances the specification of user-defined authorization rules by constraining time interval and temporal expression over users’ history of accesses. To meet different application needs, GTHBAC uses two different time schemes, i.e., real time and logical time, in its authorization rules. A formal semantics for temporal authorizations is provided, and conflicting situations are also investigated and resolved in the model. To demonstrate the applicability of the proposed model, an architecture for an access control system based on the model is proposed, and a case study of employing the model to specify and enforce access control policies in a banking system is presented. The operators of GTHBAC are also compared with Linear Time Temporal Logic (LTL) operators to show the expressive power of the model.


Author information

Correspondence to Ali Noorollahi Ravari.

Additional information

This paper is partially supported by Iran Telecommunication Research Center (ITRC).

About this article

Cite this article

Ravari, A.N., Jafarian, J.H., Amini, M. et al. GTHBAC: A Generalized Temporal History Based Access Control Model. Telecommun Syst 45, 111–125 (2010). https://doi.org/10.1007/s11235-009-9239-9

  • DOI: https://doi.org/10.1007/s11235-009-9239-9
