Safeness Discussions on TRBAC and GTRBAC Model and an Improved Temporal Role-Based Access Control Model

Abstract

Bertino et al. propose a temporal Role-based Access Control (TRBAC) model, and Joshi et al. propose a Generalized TRBAC (GTRBAC) model based on TRBAC. Some periodic constraints and duration constraints are introduced to express the corresponding time-based access control policy semantics and enhance the expressiveness of the temporal RBAC model. We have analyzed the TRBAC and GTRBAC models and pointed out that the sufficient conditions for guaranteeing the safeness of the GTRBAC model was not comprehensive, so we have analyzed the reasons and designed a process rule to solve the safety problem. In this paper, an improved process rule is designed to solve the safety problem. In addition, a fault about translating a dependent trigger of TRBAC into an Oracle trigger is analyzed. In order to ensure the temporal RBAC model better, an Improved Generalized Temporal Role-based Access Control (IGTRBAC) based on the TRBAC and GTRBAC models is put forward. The two proposed restrictions in the IGTRBAC model are used to resolve the security problems caused by the dependent trigger and the cardinality constraint on role activation. At last, case study shows that the IGTRBAC model is safe.