Temporal authorization bases: From specification to integration.
Saved in:
| Title: | Temporal authorization bases: From specification to integration. |
|---|---|
| Authors: | Bertino, Elisa, Bonatti, Piero Andrea, Ferrari, Elena, Sapino, Maria Luisa |
| Source: | Journal of Computer Security. 2000, Vol. 8 Issue 4, p309. 45p. 1 Black and White Photograph, 8 Diagrams. |
| Subjects: | Distributed operating systems (Computers), Database security, Algorithms |
| Abstract: | In this paper we present a powerful authorization mechanism which provides support for: (1) periodic authorizations (both positive and negative), that is, authorizations that hold only in specific periods of time; (2) user-defined deductive temporal rules, by which new authorizations can be derived from those explicitly specified; (3) a hierarchical organization of subjects and objects, supporting a more adequate representation of their semantics. From the authorizations explicitly specified, additional authorizations are automatically derived by the system based on those hierarchies. The resulting model is therefore very flexible in terms of the kinds of protection requirements that it can represent. The flexibility provided to the users requires a non trivial underlying formal model where temporal constraints, derivation rules and object and subject hierarchies can be represented. In particular, when inheritance and derivation rules are used simultaneously, there is need for conditions ensuring that the authorization base is free from ambiguities. In this paper, we introduce a notion of safeness, and prove that it guarantees the absence of ambiguities and inconsistencies in the specification. Moreover, we define an efficient algorithm for computing authorizations from safe specifications. Finally, we provide a methodology for supporting temporal authorizations in heterogeneous, distributed systems. [ABSTRACT FROM AUTHOR] |
| Copyright of Journal of Computer Security is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Engineering Source |
| FullText | Links: – Type: pdflink Text: Availability: 0 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 3995994 AccessLevel: 6 PubType: Academic Journal PubTypeId: academicJournal PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: Temporal authorization bases: From specification to integration. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Bertino%2C+Elisa%22">Bertino, Elisa</searchLink><br /><searchLink fieldCode="AR" term="%22Bonatti%2C+Piero+Andrea%22">Bonatti, Piero Andrea</searchLink><br /><searchLink fieldCode="AR" term="%22Ferrari%2C+Elena%22">Ferrari, Elena</searchLink><br /><searchLink fieldCode="AR" term="%22Sapino%2C+Maria+Luisa%22">Sapino, Maria Luisa</searchLink> – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22Journal+of+Computer+Security%22">Journal of Computer Security</searchLink>. 2000, Vol. 8 Issue 4, p309. 45p. 1 Black and White Photograph, 8 Diagrams. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Distributed+operating+systems+%28Computers%29%22">Distributed operating systems (Computers)</searchLink><br /><searchLink fieldCode="DE" term="%22Database+security%22">Database security</searchLink><br /><searchLink fieldCode="DE" term="%22Algorithms%22">Algorithms</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: In this paper we present a powerful authorization mechanism which provides support for: (1) periodic authorizations (both positive and negative), that is, authorizations that hold only in specific periods of time; (2) user-defined deductive temporal rules, by which new authorizations can be derived from those explicitly specified; (3) a hierarchical organization of subjects and objects, supporting a more adequate representation of their semantics. From the authorizations explicitly specified, additional authorizations are automatically derived by the system based on those hierarchies. The resulting model is therefore very flexible in terms of the kinds of protection requirements that it can represent. The flexibility provided to the users requires a non trivial underlying formal model where temporal constraints, derivation rules and object and subject hierarchies can be represented. In particular, when inheritance and derivation rules are used simultaneously, there is need for conditions ensuring that the authorization base is free from ambiguities. In this paper, we introduce a notion of safeness, and prove that it guarantees the absence of ambiguities and inconsistencies in the specification. Moreover, we define an efficient algorithm for computing authorizations from safe specifications. Finally, we provide a methodology for supporting temporal authorizations in heterogeneous, distributed systems. [ABSTRACT FROM AUTHOR] – Name: AbstractSuppliedCopyright Label: Group: Ab Data: <i>Copyright of Journal of Computer Security is the property of Sage Publications Inc. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.) |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=3995994 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.3233/JCS-2000-8404 Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 45 StartPage: 309 Subjects: – SubjectFull: Distributed operating systems (Computers) Type: general – SubjectFull: Database security Type: general – SubjectFull: Algorithms Type: general Titles: – TitleFull: Temporal authorization bases: From specification to integration. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Bertino, Elisa – PersonEntity: Name: NameFull: Bonatti, Piero Andrea – PersonEntity: Name: NameFull: Ferrari, Elena – PersonEntity: Name: NameFull: Sapino, Maria Luisa IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 12 Text: 2000 Type: published Y: 2000 Identifiers: – Type: issn-print Value: 0926227X Numbering: – Type: volume Value: 8 – Type: issue Value: 4 Titles: – TitleFull: Journal of Computer Security Type: main |
| ResultId | 1 |