Abstract
This paper describes a temporal authorization model with decentralized administration facilities. The model supports both positive and negative authorizations. Each authorization is associated with a time interval that limits its validity. Authorizations can be specified explicitly or derived through rules. Administration of authorizations is decentralized and is based on different types of administrative privileges together with the grant option. Revocation is recursive in that whenever an authorization is revoked from a user, the authorizations that user granted may also be revoked.
Copyright information
© 1996 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Bertino, E., Bettini, C., Ferrari, E., Samarati, P. (1996). A Decentralized Temporal Authorization Model. In: Katsikas, S.K., Gritzalis, D. (eds) Information Systems Security. SEC 1996. IFIP Advances in Information and Communication Technology. Springer, Boston, MA. https://doi.org/10.1007/978-1-5041-2919-0_24
DOI: https://doi.org/10.1007/978-1-5041-2919-0_24
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-5041-2921-3
Online ISBN: 978-1-5041-2919-0
eBook Packages: Springer Book Archive