Title :
Temporal UAS: Supporting Efficient RBAC Authorization in Presence of the Temporal Role Hierarchy
Author :
Zhang, Yue ; Joshi, James B D
Author_Institution :
Univ. of Pittsburgh, Pittsburgh, PA
Abstract :
Role Based Access Control (RBAC) has been shown to be a promising approach to ensure secure access in pervasive environments. In an RBAC system, users acquire permissions by activating roles authorized to them in user sessions. Hence, determining the role sets that can be activated in a single user session is an important issue. In particular, systems employing an RBAC model extended with hybrid hierarchy pose a significant challenge in maintaining such a set of role sets, known as the uniquely activable set (UAS), for each user. Moreover, RBAC models extended with temporal role hierarchy make the issue more challenging, as the UAS computation needs to be performed continuously to support the authorization decision process. In this paper, we formally analyze how the temporal role hierarchy affects the user-activation process, define the Temporal UAS (TUAS) that captures the temporal characteristics of UAS, and propose efficient algorithms to generate TUAS at different time instants. We compare our approach with a brute force approach that computes UAS at every time instant and show that it is more efficient and hence practically more useful for time-based RBAC systems.
Keywords :
access control; authorisation; RBAC authorization; role based access control; secure access; temporal role hierarchy; uniquely activable set; ANSI standards; Access control; Algorithm design and analysis; Authorization; Character generation; Permission; Polynomials; Ubiquitous computing; RBAC; TUAS; UAS; authorization; temporal role hierarchy;
Conference_Title :
Embedded and Ubiquitous Computing, 2008. EUC '08. IEEE/IFIP International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3492-3
DOI :
10.1109/EUC.2008.185