A Generalized Temporal and Spatial Role-Based Access Control Model

A Generalized Temporal and Spatial Role-Based

Access Control Model

Hsing-Chung Chen

Department of Computer Science and Engineering, Asia University, IEEE Member

Taichung County, Taiwan 41354 e-mail: [email protected]

Shiuh-Jeng Wang+, Jyh-Horng Wen++, Yung-Fa Huang and&, Chung-Wei Chen&&, +

National Central Police University/ Depart. of Information Management, Taoyuan, Taiwan E-mail: [email protected] ++ Thonghai University/ Depart. of Electrical Engineering, Taichung County, Taiwan E-mail: [email protected] & Chaoyang University of Technology /Dept. of Information and Communication Engineering,

Taichung County, Taiwan Email: [email protected]

&&

National Tsing Hua University/ Institute of Communications Engineering,

Hsinchu, Taiwan E-mail: [email protected] Abstract—Securing access to data, applied to mobile service

applications with temporal and spatial controlling, requires constructing innovative definitions with temporal and spatial limitations for an access-control system. To cope with the temporal and spatial requirements, we propose a generalized Temporal and Spatial RBAC (TSRBAC) model. In the TSRBAC model, temporal-period and spatial-location based entities are used to constrain the permissions of objects, user positions, and geographically bounded roles. Furthermore, we also present temporal and spatial relations of Temporal and Spatial Separation of Duties (TSSSD), Temporal and Spatial Dynamic Separation of Duties (TSDSD) constraints in the TSRBAC model.

Index Terms—- Access Control; RBAC; TSRBAC I. INTRODUCTION

Using wireless communications to access remote database system is becoming a more and more popular means of accessing contents outside a mobile user’s local machine. Mobile users can each get specific permission to access information through wireless connections dependent on their physical location [2]. One of the core techniques in a Wireless Access Database (WAD) system is Access Control (AC), which is the means by which the availability of data and resources accessible by users in a system is restricted and which both defends against illegal access by malicious attackers and prevents honest users from gaining inappropriate access and possibly causing administrative

errors. New problems frequently occur when users want to access more than one WAD server at specific locations concurrently and there are period constraints for AC. For example, first, one WAD server assigns specific permission to a user, where their permissions need to be constrained by specific locations and periods. At the same locations and periods, other WAD servers also assign another specific permission to the user. The user can now access, via varying roles, the corresponding multiple WAD servers. The WAD system should support situations including, but not limited to, a WAD server assigning a user multi-roles among distinct locations and periods, or assigning a user the same role but while having different permissions among distinct locations and periods. We hereafter propose a new and improved WAD system, which can satisfy the situations mentioned above. However, accessing and manipulating information from restricted users depending on specific locations together with period constraints complicates data processing activities. There are particular constraints that make WAD system processing different from WAD system computing.

A new AC technique, role-based access control (RBAC) [1, 37] has established itself as a generalized approach for handling access control in large organizations. It differs from conventional identity-based access control models in that it takes advantage of simplifying access control policies by using the concept of role relations. The National Institute of Standards and Technology (NIST), in a recent study of twenty-eight organizations, has demonstrated that RBAC

---

Manuscript received October 23, 2009; revised December 10, 2009; accepted January 01, 2010.

Correspondence Author: Hsing-Chung Chen with Asia University on Dept. of Computer Science and Information Engineering. Address: No. 500, Lioufeng Rd., Wufeng Township, Taichung County, Taiwan (R. O. C.) 41354. E-mail: [email protected] also [email protected].

addresses have many different needs in the commercial and government sectors [3].

Based on the aforementioned, the RBAC model’s manners of constraining user’s access to computer systems and the maturity of its models have been widely investigated. First, the conventional RBAC does not address user authentication method on applying to the multiple WAD systems environment e.g. there is more than one distinct WAD server which supports RBAC service in a system, in which each RBAC server needs to provide user authentication in order to identify the user’s authorities for assigning different permissions.

However, there are three other separate issues which have not been addressed in the conventional RBAC model [7]:

Issue 1: The organization should be able to mediate access to objects based on the specific locations and the spatial dimension in which the user is located.

Issue 2: The organization should be able to mediate access to objects based on specific periods within the time dimension. Namely, the users who are in the organization can only access some specific objects between some duty periods. Physically, some applications are affected by: temporal semantics, such as workflow-based systems and organizations in which processes and functions may have limited time spans or have periodic temporal durations.

Issue 3: This issue is the combination of two issues from Issue 1 and Issue 2, which state that the organization should be able to mediate access to objects based on both the specific locations and periods within the time-spatial dimension. Specifically, the users who are in the organization can only access some specific objects at specific locations and during specific periods.

Recent research supporting Issue 1 or Issue 2 is noted below. For example, Hansen et al. [4] have proposed a Spatial Role-based Access Control model for the support of Issue 1, which utilizes location information in security policy definitions to address the spatial constraint on RBAC. Their proposed model depends on whether the requirement of accurate estimation of the mobile terminal’s position is satisfied, which requires an accurate location estimation technique. In particular, location plays a key role in managing location-dependent and location-sensitive accesses. In this way, the conventional RBAC model can be extended by specifying spatial constraints on roles that are associated with users. In Hansen et al’s Spatial RBAC model [4], locations are represented by means of symbolic formalism that defines locations using location expressions that describe location areas that the system can identify. In support of Issue 2, Bertino et al. [1] proposed the Temporal RBAC model that addresses some of the temporal issues related to RBAC. The main features of this model include periodic enabling of roles and temporal dependencies among roles, which can be expressed through triggers. Particularly, in this model, time plays a key role in managing time-dependent and time-sensitive accesses. That is, the

conventional RBAC model has been extended by specifying temporal constraints on roles that are associated with users. Nevertheless, Bertino et al.’s Temporal RBAC model grants role-enabling constraints only. Subsequently, Joshi et al. [5] proposed a Generalized Temporal RBAC model, which can allow periodic, as well as durational constraints on roles, user-role assignments, and role-permission assignments. The Generalized Temporal RBAC model [5] extends the syntactic structure of the Temporal RBAC model [1] and its event and trigger expressions subsume those of Temporal RBAC [1].

However, the conventional RBAC model [7] does not address Issue 1, Issue 2 or Issue 3. In addition, the models [1, 36] mentioned above did not address Issue 3.

Therefore, in order to cope with the temporal and spatial constraints on the conventional RBAC model, we propose a TSRBAC model, an extension of Hansen et al.’s Spatial RBAC model [4], which specifies temporal and spatial restrictions on permissions assigned to roles. The TSRBAC model can address the constraints on the set of roles and permissions that users can activate while their permissions are constrained by specific, time-spatial pairs in which a pair is defined as a temporal period and spatial location (TPSL for short) pair, estimated from the serving TSRBAC server (a WAD server). Thus, in our model, we ensure that these TPSL pairs are represented by means of symbolic formalism that define them as the expressions of specific duty-time periods and location information that describe the user’s duty time together with the authorized location areas.

The remainder of this paper is organized as follows: In Sec. II, we propose a TSRBAC model and its definitions for multiple WAD servers in WAD system. An application scenario for the WAD system is described in Sec. III. This is followed by analyses and discussions of our proposal in Sec. IV. Finally, we make our concluding remarks in Sec. V.

II. TSRBACMODEL

In order to be adaptable to the requirements of those mobile environments with both temporal constraint and spatial constraint, we propose the TSRBAC model as below. TSRBAC model is an extension of Hansen et al.’s Spatial RBAC model [4] which is able to utilize both temporal and location information in security policy definitions. We assume that there are distinct WAD servers denoted as a set

m

^

WAD k kM

`

, where M

^

1, 2,...,m

`

and

j i

WAD

WAD z if

i

z

j

and , in the WAD

system. In the remainder of this section, we introduce the formal model components of the TSRBAC model for a

, i jM

k

WAD server as the following.

1. The basic definitions of the TSRBAC

The basic concept of the TSRBAC model, shown in Fig.1, consists of the following five component sets: Users

Definition 1: A subset of

, , x y x y k i j i j N TS W l  * ,

notated as ī k , is called normalized with respect to a set of

roles Rck from Rk , if it is

(U k ), Roles (Rk ), Permissions (PRMS k ), Sessions (S k ), and TPLSPS (TS k ), representing the set of users, roles, permissions, sessions and TPSL pair set respectively. Users in the set U k are considered the mobile units used by authenticated users that can establish (wireless) communication with the resources of the server to perform some activities. Roles are described as a set,

k

WAD

k

R ,

of permissions to access the resources (objects) of the

server. Permissions are a set, , of

approvals to execute operations on one or more objects of the server, which have been constrained by the role and role owner’s TPSL pair constraints. Sessions are a set,

k WAD WAD k S PRM k k

S , the mapping between users and activated subsets of the set of roles, , to which the users are assigned. TPSLPS is represented as a TPLS pair set,

k R k TS , of all subsets of TPSL pairs, where each TPSL pair is a symbolic expression by which the system describes and identifies not only the spatial domain but also the time domain. We assume that the WAD server can identify and estimate both users’ temporal-periods and users’ location information for legitimate users who belong to the set

k

k

U , based on the underlying WAD architecture.

¾a partition of TS k , that is,

, , x y x y k i j i j ǿ ī W l * and

Wix,ljy ˆ Wi_xc,lj_yc

M for any ix,j iy,xc,jyc ŽI N , , x x y i zi c j z jyc ;

¾any TPSL pair,

Wi_x,lj_y

, from

k

TS is homogeneous

with respect to Rck .

It is easy to see that any meaningful TPSL pair expression can be represented as a subset of normalized

k

TS . Hereafter, we also assume that ī k is a normalized subset of TS k (with respect to all roles from Rk ) that is a partition of the entire time-spatial domain controlled by the

k

WAD server.

On the sets Uk , Rk , PRMSk , S k and ,

several functions are defined as shown below. The user assignment (UA) relation, notated as

k

TS

k

UA , represents the assignment of a user from U k

to roles from , based on the success of the user authentication. The permission assignment relation, notated as , represents the assignment of permissions to roles based on the availability of roles’ TPSL pairs. We model authenticated users assigned to sessions, notated as k R k PA k S , by function au_sk

x

representing users associated with a single session.

Definition 2: The generalized model of TSRBAC;

We assume that the time-spatial domain, denoted as

k

: , covers the whole responsibility domain of the TSRBAC model. We define a subset of TS k , denoted as

k

ī , which belongs to the time-spatial domain :k and reflects the access authorities have to the underlying architecture and ability to map a user’s permissions on specific TPSL pairs. We also assume that a TPSL pair denoted as

,

belonging to

x y

i lj

W ī k , where i_x,j_yN

and N is a set of integer numbers. The pair

,

from

x y

i lj

W

k

TS is called homogeneous with respect to role J k from

k

R if J k has the same permissions available during the specific duty-time period Wi and specific location . In

order to simplify definitions and implementations, it is desirable to identify a minimum-value set of

i

l

k

TS that can be used in TPSL pair expressions to define the meaningful time-spatial domain in the TSRBAC model. Furthermore, there are two regular definitions, which we propose for constructing the basic model for the TSRBAC, which are shown as follows:

¾U k , Rk , PRMSk , Sk and TSk , represent the

finite sets of authenticated users, roles, permissions, sessions and TPSLPS, which are assigned by the WAD server k, respectively;

¾UAk ŽU k uRk , the user assignment relation that

associates users with roles available upon successful user authentication;

¾r au_ k

J k :Rk

o2Uk , the mapping of a role J k

onto a set of authenticated users, where the function

_ k r au x is defined as

^

`

_ k J k k u k ,J k r au uU UA k ;

¾PAk ŽRk uTS k uPRMS k , the role assignment

relation that assigns a permission to a role available on specific TPSL pairs;

¾ _

: ,

,

:

2 k

x y

k k k k PRMS i j

r p J R W l TS o , the

mapping of a role J k onto a set of permissions based on

the availability of a role’s TPSL pair,

,

x y i lj W , where the function r_pk x is defined as

^

k

`

_; x y k k k i j r _ p p P J , W ,l A x y i j k k ,l MS _{, p}k _P , R J W ¾au_s k

u U: k

o S au s x

2 k , where the function

_ k assigns an authenticated user onto a set of

sessions;

¾s r_ k

9 k :S k

o2Rk , the mapping of each session

k

9

to a set of roles;

¾ ,

the permissions available in a session _{> @k}

_

_

:

,

,

:

2

k x y k k k k PRMS i j

s pa ts

9

S

W

l

U

o

9 for a TPSL pair

,

x y i lj W and

_ _ _ , , x y k k k k k i j s pa ts r p l J 9

J

W

 * .

2. Hierarchical role in TSRBAC

Hierarchies in the TSRBAC model define an inheritance relationship between roles for a WAD k server in WAD system, such that a role Jik Rk inherits the permissions

from role Jjk Rk , if all permissions of k j

J are also the permissions of J_ik . We present a hierarchical TSRBAC model, shown in Fig.1, for aWADk server. In this model, permission is assigned to a role varying with distinct TPSL pair. Thus, the permissions inheritance relationship among roles in the presence of a role hierarchy must depend on the TPSL pair. That is, a role Jik would inherit the permissions

of role Jjk in a subset of TPSLPS, k

ī , if all the permissions of Jjk in

k

ī are also the permissions of

k i

J in īk and if, and only if, ī k ŽTS k . A regular definition is shown below for the role hierarchies of the TSRBAC model in a WAD system.

Definition 3: Role hierarchies in a TSRBAC model:

¾RH k ŽRk uRk uTS k is a partial order of roles

with respect to some specific TPSL pairs in ī k , called

the ascendancy relation, written as

k * ; , where k k k j i

J ; J , is such that role

*

k k i R

J  inherits all

permissions that role jk Rk has in a subset of

TPSLPS,

J 

k

ī ŽTS k , and all the users of Jik are also

the users of Jjk . If

k

ī is omitted, then role J_ik

inherits all the permissions of Jjk with respect to the

specific TPSLPs where Jjk is defined.

¾r p

_j

:TS k

o2PRMSk is

the mapping of a role ik

_ _tsk k :Rk , ,

x y

i i l

J W

J , onto a set of permissions,

based on a TPSL pair

,

x y

i lj

W , in the presence of a role

hierarchy. The permission set assigned directly to the role for that TPSL pair together with the permissions assigned to its junior roles in that same TPSL pair is specifically:

ix,ljy

k k i s

J

,

W

r _ p _ t

_ k j k k k i r _ p ts j J : k k j i r _ p_ts J J x y i j , ,l J W Wix,ljy k k , J * ­ ½ ° ° ‰® ¾ ° ° ¯ ; ¿

*

o2Uk is the mapping of a role

_ _

r au tsk J_ik :Rk

k i

J onto a set of authenticated users in the presence of a

role hierarchy, specifically:

^

`

_ _ _ik _ik _i

r au tsk J uUk J ; , J_jk u,J k UAk ;

¾for the purposes of generalization, let ī k be a subset of

PSLPS

^

1, 1 , 2,

i lj i l

W W j₂ ,...,Wi_x,lj_y ,...,

Wi_xc,lj_yc

,...,

Wi_n,lj_n

`

, normalized with respect to roles

, k k i j J J Rk and

,

x y i j k

 . Then the relation

l TS W

^ `

k k i ī k j J ; J is such that , k i j ī _{W l}  › x y i j J k J k § · ¨ ¸ ¨ ¸ ¨ ¸ © ¹ , ili W ; .

From the above definitions, it follows that if

_i ,_i

x ly W k k i j , then J ; J

x y

x y

k k k k i j i j j i r _ p_ts

J

,

W

,l Ž r _ p_ts

J

,

W

,l _ _ k _jk _ _ k _ik r au ts J Ž r au ts J k WAD

and .

3. Separation of duties constrained in the TSRBAC

The proposed RBAC model [7] defines Separation of Duties as those that are to be enforced on a set of roles that may not be executed simultaneously by a user. Our model extends the concept of Separation of Duties to allow users who have been authorized to have mutually exclusive roles if they cannot be utilized in the same TPSL pair. It is similar to Static Separation of Duties (SSD) [6] and Dynamic Separation of Duties (DSD) [6] that intends to limit the permissions available to a user. It differs from SSD and DSD in that the roles are mutually exclusive and reliant on the TPSL pair in which a user is situated. That is, two roles with assigned permissions may be mutually exclusive for a given TPSL pair; however, for another TPSL pair, a user may be authorized to activate these two roles, since the set of permissions assigned to the roles may be different for distinct TPSL pairs.

We define, in our TSRBAC model shown in Fig.1, both temporal and spatial relations SSD and DSD for a

server,which are further, elaborated and defined in

the next two subsections.

(1) Temporal and Spatial Separation of Duties (TSSSD) relations enforce constraints on the assignment of users to roles with regard to TPSLPs. This implies that if a user is assigned to a role in a TPSL pair, then the user cannot be assigned to another role in this same TPSL pair if these two roles are conflicting. Thus, a user may never activate two roles that share a TLSSD relation for a specified TPSL pair. This is the stronger Separation of Duty relation, and our model would be similar to the standard RBAC model if the temporal and spatial SSD relation were defined for the entire time-spatial domain. This is illustrated in Fig. 1. The formal definition of temporal and spatial SSD is given below.

Definition 4: TSSSD relation in the TSRBAC model;

¾TLSSDk , , is a collection of triples

for a 2 k 2 k k R TS k TLSSD Ž u uN , ,n 2Rk , 2TSk , N D E 

k

k

WAD server; where each D 2Rk is a role

set, 2

k

TS

E is a normalized TPSLPS, and

k

nN is a natural number, n t 2 , with the

property that no user can be assigned to n or more

roles from the set D in any normalized TPSL pair

, from

Wix ljy E . Specifically:

x y

: k i j , ,n TLSSD , ,l , n D E W E K D K   Ž t implies _ _

,

,

x y k k k i j r au ts l J K J W M  2 k 2 k k R TS TLDSD Ž u uN , ,n 2Rk , 2TSk , N D E  .

(2) Temporal and Spatial Dynamic Separation of Duties (TSDSD) relations enforced on the permissions assigned to roles, which are activated in a user’s session (see Fig. 1). Temporal and spatial DSD relations allow users to be assigned to two or more roles that are not conflicting when activated in separate sessions for specified TPSL pairs; however, it would generate policy concerns when activated simultaneously in a user’s session for other specified TPSL pairs. This offers a great advantage compared with the conventional DSD, because one can limit the validity of the constraint to yield only in specific TPSL pairs. A conventional DSD constraint enforces restrictions on roles in the entire organization; that is, the complete time-spatial domain, while temporal and spatial DSD limits the constraint to be validly dependent on a TPSL pair such that a user may activate conflicting roles within a session for a TPSL pair, other than the TPSL pair itself, for which the temporal and spatial DSD constraint is specified. This is illustrated in Fig. 1. The formal definition of the temporal and spatial DSD is given below.

Definition 5: TSDSD relation in the TSRBAC model;

¾ k

TLDSD , , is a

collection of triples

k for

a

k

WAD server, where each D2Rk is a role set,

2TSk

E is a normalized subset of TPSLPS, and

k

nN is a natural number, nt2, with the property

that no user may activate n or more roles from the set

D in any normalized TPSL pair

,

x y i lj W from E . Specifically:

n

TLDSD ,

Wix,ljy

E, 9 _{D E, ,}  k  _S k _,

: k k s _ r n U 9 D U Ž ˆ

t implies

, ,

x y k k i j ts l k r a J U _ u_ J W M  .

III. APPLICATION SCENARIO

Assume that there are three distinct databases managed by distinct WAD servers WADA , WAD B and respectively. We then assume that the users

and U7 have satisfied the UA relations UAA , C WAD 1, 2, 3, 4, 5, 6 U U U U U U B

defined according to Definition 1 and Definition 2 as follows: , , 1 A U UA 2 A U UA U₃UAA A , and , where U ; 4 A U UA A A A U R Ž u 7 A U UA 1 B U UA , 5 B U UA and 6 B U UA where B B B R ; , and 7 C

where C . We illustrate the

example with the following.

UA U U UA Ž u UA 1 C U UA C C U R Ž u 4 C U UA

Example: In Fig. 2, the WAD B server assigns the user

one role, 1

U

J

₁B with the constraint TPSL pair

W1 1,l

C

WAD

. In the same period and location area, the server assigns the user U1 the other role,

C

1

J

with the same constraint TPSL pair

. The WA server also assigns the user two roles,

1 1,l 2 W 1 U A D A

J

and

J

₅A , constrained by the TPSL pairs

W2,l4

and

4 l5

1

U ,

W , respectively. Similarly, the WADC server assigns the user the role

3

C

J

with the constraint TPSL pair

W₂,l₄

. That is, according to Definition 1, the user has been assigned the roles with the constraint of the subsets of TPSLPS:

1 U

^

`

1 W2, 4 , W

4, 5 l l ī B A ī

^

, 1

^

W1,l1

`

and

`

1 C ī W1,l1 by WAD servers: , A WAD WADB

andWADC , respectively.

> @

3

The users and , shown in Fig. 2, are assigned the roles

2

U U₃

A ,

J

and

J

_{> @}

A ,4 , respectively, with the same

constraint TPSL pair

W3,l3

by the

A

WAD server, where the two roles satisfy the ascendancy relation

ī

^

3 4

`

3 4 A A A A ī J J ˆ ; and

^

ī3 ˆī4

`

^

IJ ,l3 3

`

2 U A A . In other words, according to Definition 3, the user can access not only the permission of the role

J

₃A but also the permission of the role

J

₄A , inherited from the role

J

₃A . On the contrary, however, the user cannot access the permission of the role

3

U

3

A

J

. This implies that the user is assigned to the role

3

U

4

A

J

in the TPSL pair

, that is, the user is not assigned to another role

3,l3 W 3 U

J

₃A in this TPSL pair

W₃,l₃

.

If the WADB server enforces these two roles 3

B

J

and

4

B

J

, in Fig. 2, such that these two roles share a temporal and spatial SSD relation according to Definition 4 in a specified TPSL pair

W4,l1

U

3

B

, and if these two roles are conflicting, then the user or may never activate these two roles

5 U6

J

and 4 B

J

, i.e.

^

3 , 4

`

,

^

,1

`

, 2

B B W4 l J J TLSSDB .

In Fig. 2, according to Definition 5, no users are allowed to activate both 2

B

J

and 5

B

J

in a specified TPSL pair

W3,l2

, in a single session, i.e.,

^

2 , 5

`

,

^

3,2

`

, 2

B B

l

J J W



B

TLDSD . The fact is that no temporal and spatial DSD

constraint on 2

B

J

and 5

B

J

is specified for the other TPSL pairs in Fig. 2. Only the WADB

5

U U₆

server enforces the constraint that neither the user nor may never activate these two roles for a single user’s session in a specified TPSL pair

W3,l2

.

Finally, after successfully performing a user’s authentication by way of a WAD server, a user can be allowed to access this WAD server.

Thus, our model extends from the Hansen et al.’s Spatial RBAC model [4] for which extends the conventional RBAC model to access not only the temporally sensitive constraint but also the spatially sensitive constraint.

IV. ANALYSESANDDISCUSSIONS

Two important characteristics in our TSRBAC model are analyzed in the following, where the model applies to associated RBAC servers in the WAD system.

(1) Each WAD server may define its own components

k

R , PRMSk and Sk respectively; and

furthermore, it may also define its own relations UAk ,

k

PA , RH k , TLSSDk , and TLDSDk , respectively. That is to say, each server may own and manage all its components and relations, except the sets of Users

(Uk ) and TPSLPS (TSk ). In the WAD system, a user

may activate multi-roles to access multiple WAD servers depending on their authorized subset of the TPSLPS.

(2) If a user wants to activate a role, which has been

assigned, belonging to a WAD server, then the user must be authenticated by each WAD server to which she/he belongs.

Finally, the TSRBAC model we propose is compared to several influential research papers mentioned above. Bertino et al.’s [1] TRBAC model addresses the periodic enabling of roles and temporal dependencies among roles, but it does not address the user authentication and spatial constraints. Joshi et al.’s [5] Generalized Temporal RBAC model is capable of expressing a wider range of temporal constraints and also allows expressing periodic as well as durational constraints on roles, user-role assignments, and role-permission assignments, however, it does not address user authentication and spatial constraints. Hansen et al.’s [4] Spatial RBAC model specifies spatial restrictions on permissions assigned to roles, which can be used to constrain the set of roles and permissions that a user can activate at a given location, yet it does not address the user authentication and temporal constraints.

V. CONCLUSION

We have proposed a Temporal and Spatial RBAC model that allows specification of a comprehensive set of temporal and spatial constraints. In particular, all users will be authenticated first from their serving WAD server, where each server defines the related relations of UAk , PAk ,

k

RH , TLSSDk and TLDSDk via our TSRBAC model.

The constraints on role enabling and role activating, and various temporal and spatial restrictions on user-role and role-permission assignments, can be specified multiple WAD servers, in the WAD system, through the TSRBAC model. We have also presented the temporal and spatial-based semantics of hierarchies, temporal and spatial SSD and temporal and spatial DSD constraints. We also present an associated role-hierarchical relation that is the definition extended from basic TSRBAC model for the associated WAD servers in a WAD system. Additional extensions from both relational definitions of the spatial SSD and spatial DSD include the associated temporal and spatial SSD and associated temporal and spatial DSD for application in a

practical WAD system. Furthermore, incorporating temporal and location information in the RBAC as proposed in this paper would enable the RBAC to be implemented in wireless computing environments.

REFERENCES

[1] E. Bertino, P.A. Bonatti, and E. Ferrari, “TRBAC: A Temporal Role-Based Access Control Model,” ACM Trans. on Information and System Security, vol. 4, no. 3, pp. 191 – 233, Aug. 2001.

[2] Y. Cai, K. A. Hua, G. Cao., T. Xu, “Real-time processing of range-monitoring queries in heterogeneous mobile databases,” IEEE Transactions on Mobile Computing, vol. 5, no. 7, pp. 931 – 942, July 2006.

[3] D. F. Ferraiolo, R. Sandhu, S. Gavrila, D.R. Kuhn, and R. Chandramouli, “Proposed NIST Standard for Role-Based Access Control,” ACM Trans. on Information and System Security, vol. 4, no. 3, pp. 224 – 274, Aug. 2001.

[4] F. Hansen and V. Oleshchuk, “Spatial role-based access control model for wireless networks,” in Proc. the 58th of IEEE Vehicular Technology Conference, vol. 3, pp. 2093 – 2097,6 – 9 Oct. 2003. [5] J. B. D. Joshi, E. Bertino, U. Latif, and A. Ghafoor, “A Generalized

Temporal Role-Based Access Control Model,” IEEE Transactions on Knowledge And Data Engineering, vol. 17, no. 1, pp. 4 – 23, Jan. 2005.

[6] S. Osborn, R. Sandhu, and Q. Munawer, “Configuring role-based access control to enforce mandatory and discretionary access control policies,”ACM Trans. on Information and System Security, vol. 3, no. 2, pp. 85 – 106, 2000.

[7] R. S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, “Role-Based Access Control Models,” IEEE Computer, vol. 29, issue 2, pp. 38 – 47, Feb. 1996.

Figure 1. Both and relations with TPSL pair constraints are managed by aWAD server.

k

TLSSD TlDSDk

and Hybrid Information Technology CCIT) series.

Prof. Hsing-Chung Chen received the B.S. degree in Electronic Engineering from National Taiwan University of Science and Technology, Taipei, Taiwan, in 1994, and the M.S. degree in Industrial Education from National Normal University, Taipei, Taiwan, in 1996, respectively. He received the Ph.D. degree in Electronic Engineering from National Chung Cheng University, Chia-Yi, Taiwan, in 2007. During the years 1991-2007, he had served as a System Engineer at the Department of Mobile Business Group, Chunghwa Telecom Co., Ltd. From February 2008–present, he has been the Assistant Professor of the Department of Computer Science and Information Engineering at Asia University, in Taichung County of Taiwan. Currently, he is interested in researching Multi-session Cryptography, Role-based Access Control, Fuzzy Control, Grey Theoretic, and Wireless Communications. He is a member of the Chinese Cryptology and Information Security Association (CCISA). He is also a member of the International Fuzzy System Association (IFSA), the member of the Chinese Grey Systems Association. He joins the international committee on International Conference on Convergence

(I

Prof. Shiuh-Jeng Wang was born in Taiwan, 1967. He received the M.S. degree in Applied Mathematics from National Chung-Hsing University, Taichung, Taiwan, in 1991. He received his PhD degree in Electrical Engineering at National Taiwan University, Taipei, Taiwan in 1996. He is currently with Dept. of Information Management at Central Police University, Taoyuan, Taiwan, where he directs the Information Cryptology and Construction Laboratory (ICCL, http://hera.im.cpu.edu.tw). He was a recipient of the 5th Acer Long-Tung Master Thesis Award and the 10th Acer Long-Tung Ph.D Dissertation Award in 1991 and 1996, respectively. Dr. Wang was a visiting scholar of Computer Science Dept. at Florida State University (FSU), USA in 2002 and 2004. He also was a visiting scholar of Dept. of Computer and Information Science and Engineering at University of Florida (UF) from Aug. 2004 to Feb. 2005. He served the editor-in-chief of the journal of Communications of the CCISA in Taiwan from 2000-2006. He has been elected as the Director of Chinese Cryptology and Information Security Association (CCISA) since 2000. Dr. Wang academically toured the CyLab with School of Computer Science in Carnegie Mellon University, USA, in 2007 for international project collaboration inspection. He is also the authors of eight books (in Chinese versions): Information Security, Cryptography and Network Security, State of the Art on Internet Security and Digital Forensics, Eyes of Privacy –Information Security and Computer Forensics, Information Multimedia Security, Computer Forensics and Digital Evidence, Computer Forensics and Security Systems, and Computer and Network Security in Practice, published in 2003, 2004, 2006, 2007, and 2009, respectively. He is also the guest editors of a number of Journals including IEEE Journal on Selected Areas in Figure 2. An example to illustrate how users are assigned

roles depending on the users’ specific TPSL pairs by the servers ,A

Communications (J-SAC), Journal of Internet Technology (JIT) , Oxford The Computer Journal, Springer Telecommunication Systems in 2010 and 2011, respectively.Prof. Wang has published over 200 papers in referred Journals/Conference proceedings/Technique reports so far. He is a full professor and a member of the IEEE, ACM. His current interests include information security, digital investigation and

omputer forensics, steganography, cryptography, data onstruction and engineering.

and Technology for Development, the hinese Grey System Association, and the Chinese Institute of Electrical Engineerin

nd ireless sensor networks. Dr. Huang is a member of IEEE ommunications Society and IEICE Communications Society.

niversity, Taiwan. His research interest includes security issues in mobile ad hoc network and wireless sensor network.

c c

Prof. Jyh-Horng Wen received the B.S. degree in electronic engineering from the National Chiao Tung University, Hsing-Chu, Taiwan, in 1979 and the Ph.D. degree in electrical engineering from National Taiwan University, Taipei, in 1990. From 1981 to 1983, he was a Research Assistant with the Telecommunication Laboratory, Ministry of Transportation and Communications, Chung-Li, Taiwan. From 1983 to 1991, he was a Research Assistant with the Institute of Nuclear Energy Research, Taoyun, Taiwan. From February 1991 to July 2007, he was with the Institute of Electrical Engineering, National Chung Cheng University, Chia-Yi, Taiwan, first as an Associate Professor and, since 2000, as a Professor. He was also the Managing Director of the Center for Telecommunication Research, National Chung Cheng University, from Aug. 2001 to July 2004 and the Dean of General Affairs, National Chi Nan University, from Aug. 2004 to July 2006. Since Aug. 2007, he has been the Department Head of Electrical Engineering, Tunghai University, Taichung, Taiwan. He is an Associate Editor of the Journal of the Chinese Grey System Association. His current research interests include computer communication networks, cellular mobile communications, personal communications, spread-spectrum techniques, wireless broadband systems, and gray theory. Prof. Wen is a member of the IEEE Communication Society, the IEEE Vehicular Technology Society, the IEEE Information Society, the IEEE Circuits and Systems Society, the Institute of Electronics, Information and Communication Engineers, the International Association of Science

C

g.

Prof. Yung-Fa Huang was born in

Changhua County, Taiwan, in 1961. He received the Diplom-Eng. in electrical engineering from National Taipei University of Technology, Taipei, in 1982, M.Eng. degree in electrical engineering from National Tsing Hua University, Hsinchu, Taiwan, in 1987 and Ph.D. degree in electrical engineering from National Chung Cheng University, Chiayi, Taiwan, in 2002. During 1982-1984, he joined the Air Forces for the military service in Taiwan. During 1987-2002, he was an instructor in Chung Chou Institute of Technology, Yuanlin, Taiwan. From February 2002 to July 2004, he was with the Department of Electrical Engineering, Chung Chou Institute of Technology, as an Associate Professor. From August 2004 to July 2007, he was an Associate Professor in Graduate Institute of Networking and Communication

Engineering, Chaoyang University of Technology, Taichung, Taiwan. From August 2007 to July 2008, he was the Department Head of Computer and Communication Engineering and the Institute Chair of the Graduate Institute of Networking and Communication Engineering, Chaoyang University of Technology. Since Aug. 2008, he has been the Department Head of Information and Communication Engineering, Chaoyang University of Technology. His current research interests include multiuser detection in OFDM-CDMA cellular mobile communication systems, communication signal processing, fuzzy systems a w

C

Chung-Wei Chen received the MS degree in communication engineering from National Tsing–Hua University, Taiwan and BS degree in electric engineering from National Central University, Taiwan. He is now working toward PhD program in Institute of Communication Engineering of National Tsing-Hua U