CT-RBAC: A Temporal RBAC Model with Conditional Periodic Time

Abstract

Many emerging applications show the need for a fine-grained context based access control requirements. The generalized temporal RBAC model has been proposed to capture fine-grained time-based access control requirements using periodic time expression to capture recurring intervals of time. In this paper, we present conditional temporal RBAC (CT-RBAC) model that extends GTRBAC model by extending the periodic time expression. In particular, the extension allows fine-grained extension to capture other logical conditions that restricts the validity of the temporal constraints. CT-RBAC uses a symbolic representation of conditional periodic time that can be used to define a set of conditions to qualify the components of a periodic time expression, using the concurrent transaction logic. Because of the conditional set introduced, CT-RBAC extends the time control dimension to the (condition, time) control plane and the (time, constraint) plane of the GTRBAC framework to the (condition, time, constraint) three-dimensional control space, thus providing more flexibility in the access control model. We analyze conflicts introduced by the constraint set and the complexity of evaluating the conditional set.