Temporal authorization bases: From specification to integration.

Saved in:
Bibliographic Details
Title: Temporal authorization bases: From specification to integration.
Authors: Bertino, Elisa, Bonatti, Piero Andrea, Ferrari, Elena, Sapino, Maria Luisa
Source: Journal of Computer Security. 2000, Vol. 8 Issue 4, p309. 45p. 1 Black and White Photograph, 8 Diagrams.
Subjects: Distributed operating systems (Computers), Database security, Algorithms
Abstract: In this paper we present a powerful authorization mechanism which provides support for: (1) periodic authorizations (both positive and negative), that is, authorizations that hold only in specific periods of time; (2) user-defined deductive temporal rules, by which new authorizations can be derived from those explicitly specified; (3) a hierarchical organization of subjects and objects, supporting a more adequate representation of their semantics. From the authorizations explicitly specified, additional authorizations are automatically derived by the system based on those hierarchies. The resulting model is therefore very flexible in terms of the kinds of protection requirements that it can represent. The flexibility provided to the users requires a non trivial underlying formal model where temporal constraints, derivation rules and object and subject hierarchies can be represented. In particular, when inheritance and derivation rules are used simultaneously, there is need for conditions ensuring that the authorization base is free from ambiguities. In this paper, we introduce a notion of safeness, and prove that it guarantees the absence of ambiguities and inconsistencies in the specification. Moreover, we define an efficient algorithm for computing authorizations from safe specifications. Finally, we provide a methodology for supporting temporal authorizations in heterogeneous, distributed systems. [ABSTRACT FROM AUTHOR]
Copyright of Journal of Computer Security is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 3995994
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Temporal authorization bases: From specification to integration.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Bertino%2C+Elisa%22">Bertino, Elisa</searchLink><br /><searchLink fieldCode="AR" term="%22Bonatti%2C+Piero+Andrea%22">Bonatti, Piero Andrea</searchLink><br /><searchLink fieldCode="AR" term="%22Ferrari%2C+Elena%22">Ferrari, Elena</searchLink><br /><searchLink fieldCode="AR" term="%22Sapino%2C+Maria+Luisa%22">Sapino, Maria Luisa</searchLink>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Journal+of+Computer+Security%22">Journal of Computer Security</searchLink>. 2000, Vol. 8 Issue 4, p309. 45p. 1 Black and White Photograph, 8 Diagrams.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Distributed+operating+systems+%28Computers%29%22">Distributed operating systems (Computers)</searchLink><br /><searchLink fieldCode="DE" term="%22Database+security%22">Database security</searchLink><br /><searchLink fieldCode="DE" term="%22Algorithms%22">Algorithms</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: In this paper we present a powerful authorization mechanism which provides support for: (1) periodic authorizations (both positive and negative), that is, authorizations that hold only in specific periods of time; (2) user-defined deductive temporal rules, by which new authorizations can be derived from those explicitly specified; (3) a hierarchical organization of subjects and objects, supporting a more adequate representation of their semantics. From the authorizations explicitly specified, additional authorizations are automatically derived by the system based on those hierarchies. The resulting model is therefore very flexible in terms of the kinds of protection requirements that it can represent. The flexibility provided to the users requires a non trivial underlying formal model where temporal constraints, derivation rules and object and subject hierarchies can be represented. In particular, when inheritance and derivation rules are used simultaneously, there is need for conditions ensuring that the authorization base is free from ambiguities. In this paper, we introduce a notion of safeness, and prove that it guarantees the absence of ambiguities and inconsistencies in the specification. Moreover, we define an efficient algorithm for computing authorizations from safe specifications. Finally, we provide a methodology for supporting temporal authorizations in heterogeneous, distributed systems. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Journal of Computer Security is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=3995994
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.3233/JCS-2000-8404
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 45
        StartPage: 309
    Subjects:
      – SubjectFull: Distributed operating systems (Computers)
        Type: general
      – SubjectFull: Database security
        Type: general
      – SubjectFull: Algorithms
        Type: general
    Titles:
      – TitleFull: Temporal authorization bases: From specification to integration.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Bertino, Elisa
      – PersonEntity:
          Name:
            NameFull: Bonatti, Piero Andrea
      – PersonEntity:
          Name:
            NameFull: Ferrari, Elena
      – PersonEntity:
          Name:
            NameFull: Sapino, Maria Luisa
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 12
              Text: 2000
              Type: published
              Y: 2000
          Identifiers:
            – Type: issn-print
              Value: 0926227X
          Numbering:
            – Type: volume
              Value: 8
            – Type: issue
              Value: 4
          Titles:
            – TitleFull: Journal of Computer Security
              Type: main
ResultId 1