GTRBAC: A Generalized Temporal Role Based Access Control Model
James Joshi - Pittsburgh University
Nov 10, 2004
Abstract

A key issue in computer system security is to protect information against unauthorized access. Emerging workflow-based applications in healthcare, manufacturing, the financial sector, and e-commerce inherently have complex, time-based access control requirements. To address the diverse security needs of these applications, a Role Based Access Control (RBAC) approach can be used as a viable alternative to traditional discretionary and mandatory access control approaches. The key features of RBAC include policy neutrality, support for least privilege, and efficient access control management. However, existing RBAC approaches do not address the growing need for supporting time-based access control requirements for these applications. In this talk, I will present a Generalized Temporal Role Based Access Control (GTRBAC) model that combines the key features of the RBAC model with a powerful temporal framework. The proposed GTRBAC model allows specification of a comprehensive set of time-based access control policies, including temporal constraints on role enabling, user-role and role-permission assignments, and role activations. The model provides an event-based mechanism for providing context based access control, as well as expressing dynamic access control policies, which are crucial for developing secure workflow-based enterprise applications. I will discuss various design guidelines for managing complexity of policy specification as well as an XML-based GTRBAC policy specification language.
About the Speaker

James Joshi is an assistant professor in the department of Information Science and Telecommunications at the University of Pittsburgh. He is a founder and coordinator of the Laboratory of Education and Research on Security Assured Information Systems (LERSAIS), which has recently been designated as a National Center of Academic Excellence in Information Assurance Education jointly by the NSA and DHS. He received his PhD degree from Purdue University in 2003. He is currently supported by the NSF for establishing security tracks in the University of Pittsburgh. His areas of interest include Access Control Models, Security and Privacy of Distributed Multimedia Systems, and Systems Survivability. He serves as a program committee member in several conferences including ACM Symposium on Access Control Models and Technologies, International Symposium on Multimedia Software Engineering, ACM Workshop on Multimedia Databases, and Annual International Conference on Mobile and Ubiquitous Systems. He was a Program Co-Chair for IEEE Workshop in Information Assurance.