Security analysis for temporal role based access control

Providing restrictive and secure access to resources is a challenging and socially important problem. Among the many formal security models, Role Based Access Control (RBAC) has become the norm in many of today's organizations for enforcing security. For every model, it is necessary to analyze and prove that the corresponding system is secure. Such analysis helps understand the implications of security policies and helps organizations gain confidence on the control they have on resources while providing access, and devise and maintain policies.In this paper, we consider security analysis for the Temporal RBAC (TRBAC), one of the extensions of RBAC. The TRBAC considered in this paper allows temporal restrictions on roles themselves, user-permission assignments (UA), permission-role assignments (PA), as well as role hierarchies (RH). Towards this end, we first propose a suitable administrative model that governs changes to temporal policies. Then we propose our security analysis strategy, that essentially decomposes the temporal security analysis problem into smaller and more manageable RBAC security analysis sub-problems for which the existing RBAC security analysis tools can be employed. We then evaluate them from a practical perspective by evaluating their performance using simulated data sets

Automated analysis of RBAC policies with temporal constraints and static role hierarchies

Temporal role based access control models support the specification and enforcement of several temporal constraints on role enabling, role activation, and temporal role hierarchies among others. In this paper, we define three mappings that preserve the solutions to a class of policy problems (they map security analysis problems in presence of static temporal role hierarchies to problems without them) and we show how they can be used to extend the capabilities of a tool for the analysis of administrative temporal role-based access control policies to reason in presence of temporal role hierarchies. An experimental evaluation with a prototype implementation shows the better behavior of one of the proposed mappings over the other two. To the best of our knowledge, ours is the first tool capable of reasoning with (static) temporal role hierarchies

Automated and efficient analysis of administrative temporal RBAC policies with role hierarchies

Temporal role-based access control models support the specification and enforcement of several temporal constraints on role enabling, role activation, and temporal role hierarchies among others. In this paper, we define three mappings that preserve the solutions to a class of policy problems: they map security analysis problems in presence of static temporal role hierarchies to problems without them. We show how our mappings can be used to extend the capabilities of a tool for the analysis of administrative temporal role-based access control policies to reason in presence of temporal role hierarchies. We carried out an experimental evaluation with a prototype implementation, which highlighted that one of the proposed mappings behaves better than the other two. To the best of our knowledge, ours is the first tool capable of reasoning with (static) temporal role hierarchies

Automated analysis of RBAC policies with temporal constraints and static role hierarchies

none3siTemporal role based access control models support the specification and enforcement of several temporal constraints on role enabling, role activation, and temporal role hierarchies among others. In this paper, we define three mappings that preserve the solutions to a class of policy problems (they map security analysis problems in presence of static temporal role hierarchies to problems without them) and we show how they can be used to extend the capabilities of a tool for the analysis of administrative temporal role-based access control policies to reason in presence of temporal role hierarchies. An experimental evaluation with a prototype implementation shows the better behavior of one of the proposed mappings over the other two. To the best of our knowledge, ours is the first tool capable of reasoning with (static) temporal role hierarchies.Ranise, Silvio; Truong, Anh; Viganò, LucaRanise, Silvio; Truong, Tuan Anh; Viganò, Luc

Analysis of TRBAC with Dynamic Temporal Role Hierarchies

Part 7: Short PapersInternational audienceThe temporal role based access control (TRBAC) models support the notion of temporal roles, user-to-role and permission-to-role assignment, as well as allow role enabling. In this paper, we argue that role hierarchies can be temporal in nature with a dynamism that allows it to have a different structure in different time intervals; and safety analysis of such extensions is crucial. Towards this end, we propose the temporal role based access control model extended with dynamic temporal role hierarchies, denoted as TRBACRH, and offer an approach to perform its safety analysis. We also present an administrative model to govern changes to the proposed role hierarchy