Docstoc

50120130405015

Document Sample
50120130405015 Powered By Docstoc
					International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
 INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME
                                  TECHNOLOGY (IJCET)

ISSN 0976 – 6367(Print)
ISSN 0976 – 6375(Online)                                                        IJCET
Volume 4, Issue 5, September – October (2013), pp. 115-137
© IAEME: www.iaeme.com/ijcet.asp
Journal Impact Factor (2013): 6.1302 (Calculated by GISI)                     ©IAEME
www.jifactor.com




     DYNAMIC EXPIRATION ENABLED ROLE BASED ACCESS CONTROL
       MODEL          FOR CLOUD COMPUTING ENVIRONMENT

                         Levina T1, Dr. S C Lingareddy2 and Kashyap Dhruve3
                     1
                       (Assistant Professor, Alpha College of Engg, Bangalore, India)
             2
                 (Professor & HOD Dept of CSE, Alpha College of Engg, Bangalore, India)
                       3
                         (Technical Director, Planet-i Technologies, Bangalore, India)


ABSTRACT

         Cloud computing is one of the most emerging technique for fulfilling service demands in
various forms. The key issue that is considered for its enhancement and optimization is the access
control. In order to fulfill this requirement, here in this paper the author has proposed a robust system
model called, “Dynamic expiration enabled role based access control                           system that
facilitates a widespread set of temporal constraints which further provides the fine grained policies
for time-based access control scheme. This paper presents a study of the key issues of expressiveness
and minimality in cloud environment. The presented research work illustrates that even with non-
minimalitythe presented model can provide higher flexibility with minimum complexity for
presentation of constraints and efficient role assignments. This makes the proposed system functional
with higher user count and the simultaneous role-permission, even without compromising with the
security issues. The                 system is evaluated on the Amazon Cloud, the scalability and
efficient access control mechanism is established proved by the results discussed in this paper.

Keywords: Role based access control system, Cloud computing, Access Control,

I.     INTRODUCTION

        Cloud computing is one of the most emerging technologies of present days and a service
infrastructure that facilitates service on demand for calculation, data storage and highly robust
network infrastructures. In this technology, the computation of resources are considered and
provided as the services over the internet. Some other technical societies also states cloud computing
in different definition, like “a technology or system model that functions for providing omnipresent,
expedient, on demand access of defined network to a shared collection of configurable computing
resources and frameworks. In order to accomplish the efficient cloud services over internet it can


                                                  115
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

facilitate a rapid and highly efficient system with minimum resource management activities and least
interaction of service providers.
         In cloud computing one of the predominant security issues is the access control of
information and system security. In order to control the various time-sensitive activities numerous
cloud applications like management of workflow and real-time operational databases, the access
control specifications are required to be enhanced with the optimum temporal constraints. The
presented research work has been motivated by the requirement of a highly robust and effective
access control approach that could meet and can alleviatethe security concerns in cloud environment
with raised trust level for numerous cloud based applications and service segments. One of the
predominant and efficient approach for accomplishing cloud security requirements in organization is
                                            that fulfills various security requirements [1], [2], [3], [4].
As compared to the existing traditional approaches of discretionary and mandatory access control
                     system [5], [2], [6], [7], [8] the           mechanism can be much fruitful and
effective solution. In case of cloud environment of heterogeneous nature like Internet [9], [11],
        system framework might be much effective solution for secure interpolation purposes.
         On the other hand the time factor plays a vital role for management of time-sensitive
access controls. The user creation with role assignment and its optimization is also a key
aspect of cloud computing which is required to be optimized. Meanwhile, a better example
for time management could be the management of workflow which do encompasses the
critical deadlines for completion of invocations. In order to meet such requirements the
time-based or period oriented techniques are suggested [12] [13], [14], [15]. On the other hand in
order to manage the roles and the user permission a highly effective and efficient system
is required that could manage the users with their respective roles assignment and cloud security.
In order to achieve these all expectations here in this paper we have proposed
a                                                                                            model that
emphasizes on the highly effective and responsible system constraints as well as time oriented user
creation and role assignment system that could meet the requirement of highly efficient and
productive system model for competitive cloud environment. These all considered constraints
characterize themselves effective with the implementation of orthogonally with every aspects of role
based Access control mechanism such as role creation, user definition, role assignment, activation of
specific roles, defining roles for users, assignment of role permissions.
         Specifically, the proposed                   system differentiates between the activation or
enabling of roles and the activation of individual roles. In this approach a specific role is defined and
is activated only in the circumstance when a particular user is permitted to get it. An activated role
becomes functional when the user is permitted for access in the duration of defined session. The
roles could not be activated by the users in case of disabled role session. Hence, the considered or
specified model does specify the roles on after enabling or disabling when it can/cannot be assumed
by users.
         In the proposed system model we have considered three dominant kinds of hierarchy that
strengthens the system model with higher efficiency and security enhancement. These are
inheritance-only hierarchy                           activation-only hierarchy                         and
                                                                The first hierarchy permits the semantics
for permission-inheritance while the second refers semantics for activation of roles only and the last
considered and developed hierarchy permits both the role activation as well as permission
inheritance. Considering these all, here in this system model we have implemented these all three
hierarchies which have been further divided into two categories called as restricted and unrestricted
kind of hierarchy [16], [17].
         In general issues allied with any access control model or frameworks with rich constraint
language are the factor of minimality and its expressiveness where the minimality refers the

                                                   116
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

minimum status of set of constraints and it is a vital criterion that determines the effectives of the
minimal model over the nonminimal models. Here in this paper we have proposed and developed a
highly robust framework that addresses the existing problems of minimality, expressiveness, user
creation, role generation and respective role-permission with the expected minimum expiration
period in         framework. The proposed                 model has performed better in terms of highly
efficient role creation and multiple role assignments per user in defined minimum time even without
violating the security aspects in comparison with                model [17]. Considering the power of
expressiveness, here in this work we have illustrated that the numerous sets of model constraints
could be used for generating a family of                  system model with similar expressive power.
Even being a non-minimal set of constraints in                  cloud framework here in this work has
established itself as more beneficial in terms of numerous advantages like least complexity, better
manageability and the feasibility in the characterization of policies of access control management. It
has illustrated that the constraints of timing for individual role assignments for users could be easily
substituted by the temporal constraints for effective role enabling activities.
    The proposed and developed system architecture                     can be significant for examining
and investigating the performance of the model with minimality factor, expressiveness, and
complexity, feasibility in user creation, highly efficient and optimum user creation, role generation
and role-permission assignments for cloud environment without compromising with the security. The
results obtained for various user sizes and respective role generation with role assignments in the
proposed model and framework architecture establishes itself as the best system forhighly efficient
user managements, role creation and role assignments system for cloud computing environment.
        The other sections of the manuscript have been presented as follows: Section II presents the
related work of the considered technologies which is ascended by section III that states
model and its introduction for functionalities. Section IV presents expressiveness of
model and its modeling. This section also presents the operations on periodicity expressions
algorithms, various developed algorithms and the system complexity along with its design
constraints. Section V presents the results obtained and its analysis which is ascended by Section VI
that discusses the conclusions of the developed system model.

II. RELATED WORKS

         Considering the requirement of a highly robust and effective solution for access control and
role management in cloud computing environment a number of researches have been induced and
many of them have performed well also. In this way to research process the first scientist group
Bertino et al. introduced TRBAC framework that emphasizes on the dominant constraints of RBAC
system model [14]. The shortcomings of that system model were rooted with the use of temporal
constraints for performing role enabling that limited its performance for multiple service
requirements in cloud environments. At the next phase the predominant work was for
model [17] the extended form of            model with the difference of inclusion of few extensive set
of constraints.
                modelwas introduced in [14] that mainly support the temporal authorization and key
deviation principles [14] but still lacks in addressing the roles and its effective assignments. A
number of other researchers have advocated for the implementation of certain significant supporting
constraints in an        model and few dominant works have been done in [18], [13], [5], [17], [19],
[8]. Then while, those research efforts could not address the problem of time-based access
restrictions and effective user creation with role assignment of multiple sizes. This shortcoming was
illuminated in our work. In certain work [15] the researcher came out with a system architecture
based on a logic-oriented constraint specification language that might be employed for specifying the
constraints on individual roles, users and the role-assignments on the users. In [13] a temporal data

                                                  117
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

authorization model             was proposed that could represent the access control policies on the
basis of temporal behaviour of the data [13]. Considering these research gaps and requirements here
in this paper we have proposed a                   model that emphasizes on the characteristic of
permission by implementing the dynamic assignments of role-permission with the help of constraints
of periodicity, session constraint and Event dependencies.
        In this research work we have tried to implement the unique and highly robust system model
that considers all of the key aspects like minimality, session constraints, expressiveness, user
management and allied role permission facility with optimum performance level and the usability of
access control and management.

III. DEERBCA MODELING AND TEMPORAL ROLE HIERARCHY

3.1 IntroducingDEERBCA Model
        In the highly robust and complicated systems of cloud computing the proposed dynamic
expiration enabled role based access control model,                 plays a significant role in cloud
computing environment and its resource management. The mechanism of                               also
accommodates the individual concepts of role provisioning, its activation and even the provision of
environment constraints as well as the event expressions allied with it.
In the proposed                approach the system architecture characterizes a number of set of
constraints. These are as follows:

     1. Temporal role enable/disable constraints
     Temporal role enabling/disabling constraints are those constraints that permit the characteristics
of intervals and that time durations in which the role of users are enabled. In case of defined
duration constraints the constraint enabling event ignites or initiates the enabling or disabling of a
particular role. This initiation takes place either by enabling functions or by a specific administrator
initiated runtime process.
     2. Provision of temporal restraints on individual user’s role and the assignment of its role-
        permission
        Such kind of restraints permits the characteristics of function intervals and the time duration
in which the role for a specific user or its permission is allotted or issued.
     3. Activation constraints
        Activation constraints are those constraints that permit the nature of employed restrictions
functional of the activation of a user’s role. These constraints encompasses, the characterization of
the complete time interval for which a defined user can initiate a role or the count
ofcontemporaneous activations of the role defined at a specific time.
     4. Runtime proceedings
        A combination of runtime events permits the supervisor to vigorouslycommence the
            procedures, or facilitate the period or commencementrestraints.
Few others combination of runtime procedures permits the users to make certain request for
activating or deactivating the roles.
     5. Constraint permissible expressions
        The proposed                 mechanism encompasses the events which enables or disables the
aforesaidtime duration and activation constraints for individual roles.
     6. Event dependencies
        The event dependencies in the proposed                   system represent the expressions of the
inter-dependencies among all the encompassing events.In the development of DEERBAC system
model a number of system constraints have been used. The key constraints are periodicity
constraints, duration constraints, time based role activation constraints, Cardinality constraint on role

                                                  118
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

activation, Event dependencies and constraints of run time request. In expression the periodicity
constraints for user role assignment is given by (                                           while for role
enabling and role permission                         ),                                     expressions are
employed respectively.
        For       duration     constraint      the      expressions
and                                                are used for user-role assignment (          ) and role-
permission assignment        respectively. The sporadic expression implemented in the expressions of
the considered constraints is represented in the form of             [20], in which the variable or entity
  refers the expression representing an infinite combination of periodictime moments, and the
variable entity D refers                    is a time duration representing the lower and upper bounds
which are inflicted on instants inentity . On the other hand the expression                is employed for
stating all the encompassed time durations in composite function
        In this paper, we have also implemented a function                   that represents the collection
of the end points present in the intervals in        that states that in case the entity or function
is represented in the form of a set of durations                                     then; the function can
be given as follows:

       In these mathematical modeling or expressions the variable          denotes the time interval for a
defined constraint.

3.2 Temporal Role Hierarchies
        The overview of the temporal hierarchies of the proposed                  system model has been
discussed in this section.Table-1 illustrates the predicate notations employed for representing the
semantics of the considered hierarchies. The considered entities like predicate enabled, assigned have
been given be presentation                             and                These all notations denote the
status of the roles, roles of user and assignment of role permission at time t, respectively.
        The activation of              by means of predicate signifies that the specific user might
activate specific role       at certain time period . And further it states that the specific user u is
unconditionally or unequivocally allotted to that specific role . The other entity                states
the role is in active state in the specific user’s session or duration at time instant t, while another
entity                   illustrates towards the acquisition of permission by at the session .The
predominant relationships among the predicates are in general considered and emphasized by the
axioms as mentioned in Table 1. Even these axioms do identify the acquisition of permission and the
role activation in the proposed               system model.

                                     TABLE 1: Status Predicates
                  Predicate                                  Meaning
                                        Role is enable at time
                                        User is assigned to role at time
                                        Permission is assigned to role at time
                                          User can active role at time
                                          User can acquire permission at time
                                          Permission     can be acquire through role     at time
                                          Role    is active in user     session   at time
                                          User    acquires permission     in session   at



                                                   119
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

        The axiom 1                                               indicates that in case any person is
allotted to perform a specific role, then the same can be accomplished with the help of that specific
role.Similarly, the second axiom 2 “                                              denotes that all of the
consisting users are facilitated a specific role so that they may activate that specific roles and
function. Axiom 3                                                                        ”, it is stated that
in case a particular user u is provided a role then all the encompassing functionalities or roles r
could be accomplished with the help of that user
        Inthe same way, the ascending axiom 4
                say that in case a user session or duration in which one has to activate a specific
roleR, in that circumstances the user accomplishes then all the permissions that could be collected
through the role . It must be noted that the axioms presented in 1 and 2 illustrates towards the
permission-acquisition and role-activation semantics which are in general governed by overt user-
role and the person or privilege of the role assignment.
        In general, a particular hierarchy of role lengthens the extent of the permission-acquisition
and the semantics of the role-activation further than the preciseallocations by means of hierarchical
relations which are predefined among permitted or considered roles. In our proposed
model or framework the predominant three hierarchies are considered. These are: permission-
inheritance-only         hierarchy         which        is      also       known         as                 ,
                                  or                 , and the third and the last hierarchy are referred to
as                                                or                    [16], [17]. These all framework
hierarchy might be of any kind, either of restricted or unrestricted kinds.
        Among these hierarchies the restricted one might be further classified into two types, weakly
and strongly restricted. The hierarchy of unrestricted type                              that states that in
case there exists           , then the role permission or even acquisition permission could be
accomplished with the help of role which encompasses all the approvals or acknowledgements that
could be gained with the help of specific role .In other way, the permissions of the ascenders roles
are in general inherited or ascended by the roles with higher priority. Meanwhile, the condition
which is in relation to the unrestricted A-hierarchy states that in case a user activates a specific role
  with the condition          , then that user might also initiate the role whether being not assigned
to . Furthermore, the user might not get the          permissions only by initiating . On the other hand,
the permission-inheritance nature is not permitted in an unrestricted A-hierarchy framework. It can
be found that the                      is the specific and of course alone framework that encompasses
both kind of inheritance, like permission inheritance as well as role-activation kind of semantics. The
weakly restricted hierarchy permits the inheritance or the activation semantics in the non-overlapping
activation sessionof the systematically allied roles, on the other hand the hierarchies restricted
strongly permits the inheritance and the activation semantics only in the overlapping causing
sessions.
        As per the considered condition for                                                    is presented,
then only the role is required to be activated at time so as to implement the inheritance semantics.
The roles or defined role might or even might not be activated at that specific time then while, in
case of                    which is a kind of strongly restricted hierarchy framework, if                  is
stated then the entities, and is required to be activated at the specific time so as to employ the
inheritance semantics. The hierarchies like restricted Aand IA are defined in the same way.

IV. EXPRESSIVENESS OF                         MODEL AND ITS MODELING

       The overall system has been introduced in the previous section and has been discuss that the
proposed              modelpermits the characterization of a huge set time-related constraints.
Observing these factors a significant question arises that whether this kind of exhaustive set of
                                                    120
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

temporal constraints is required or is there a minimal combination of constraintswhich posses’
similar expressive capability or capability of expressiveness with all the significant constraint of the
proposed model               . Here, in this presented section, it would be illustrated that all the
encompassing constraints of proposed model are not minimal. Implementing or even considering the
notion of activity-equivalence or a-equivalence, it has been depicted that there exists a negligible set
of system constraint that could have an expressive power equivalent of the proposed
constraint. In the proposed approach and system model we have demonstrated an analysis that in
spite of minimum value, the set representing the non-minimal system constraints facilitates the better
option and efficiency for representing the cloud access constraints. Specifically, this kind of options
and alternatives do permit the users highly robust and convenient system mechanism with
comparatively minimum complexity. Additionally, thehuge sum of access restraints present in
              system facilitates better functional feasibility along with the proper selection of a
semantically apparent characteristicby implementing optimization measures for enhancing the
usability of the model. The following algorithm represents the algorithm presentation for conversion
of the role permission.

       Algorithm
       Input:
          1.
          2.
          3.

           4.
           5.          Substitute all occurrences of                             by
                     in T’
           6.          Perform (add default assignment “            ” to T’
           7.                    Event
                       after
           8.         Replace            =                                    after   ”, such that,

           9.              IF                                   THEN
           10.             ELSE update
           11.             IF                                THEN
           12.             ELSE update
           13.      ENDFOR
           14.      Update Roles’=Roles’
           15.      FOR each role                                   DO
           16.             Update
           17.      ENDFOR
           18.      Update
           19. ENDFOR
                                     Algorithm 1:

4.1 Minimality of DEERBAC
       With a considered               model, all of its system constraints are referred to as Temporal
Constraint and Activation base          this set of constraints,       can be presented as follows:

        In this manuscript and the proposed model, we have employed the name as constraint that
refers towards the combination encompassing the periodicity constraint of specific kinds. For

                                                  121
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

example,         represents user a periodicity constraint which states a role assignment on individual
user’s role and it is expressed as                                   . The periodicity constraints cover
the user role assignments                , role enabling         and role permission assignment
      .
        In the subsequent sections, a short term like                        has been employed in the
specific case of non-empty constraints                                                 and      . In fact
the nature of a              model depends on variable , the clusters of users, their individual roles,
the set of roles and the set of specific permissions as well as the role hierarchy . That’s why; here
in this manuscript the tuple has been employed for presenting a set of , users, roles and permission
as well as role hierarchy that depicts a complete             model.
        In this work a notation          has been defined for reading           . The considered
notation achieves the permission at the time instant under the function . Nowafter defining the
notations the notions of                  in between two             frameworks or configurations
are defined. Few of the dominant notations have been definedas follows:

Definition 1: Activity-equivalence or
In       the       defined                         framework,         the       two       configurations
(                                                and
can represents                            only in the situation when the pairs              satisfies the
conditions             and                     . Again, in case                    and                 the
equivalence condition              is accomplished which exhibits the transitivity property.
        In the proposed                 model                      refers that a particular user could
efficiently exhibit the similar combination of accesses under the two configurations.Therefore, after
replacing the system configurations of        by another configuration       the accesses which are not
permitted for a particular or even individual user, is not altered.It must be noted that in the
considered case as we have takenthe similar set of users and their individual permissions therefore
                    is not must to be implied with that policy equivalence which states that in any
case the two system configurations it is required to consider only similar rule sets. In this work we
have emphasized on illustrating the dissimilar model configurations of constraints as well as roles of
multiple range. This feature permits the similar set of assigned users for accomplishing the same
permission sets and after that it analyzes the configurationally complexities. It makes the system to
perform user role generation and role permission efficiently.
        In the ascending research phasewe have illustrated that the constraint sets of              is not
minimal. These characteristics states that few kinds of constraints can be efficiently removed without
compromising or minimizing the expressive power of                   model.
Implementing the aforementioned                        relations over a set of            model, in this
work we have to present that there exists a minimal presentations which employs only periodicity
and the duration constraints. These all constraints are functional on roles and are activated on per-
role basis.            also considers default assignments for assigning the permissions and users to
the specific roles without characterizing any temporal restrictions.
        In the ascending research phase we have presented certain robust algorithms that could be
employed for generating a-equivalent model or framework for a certain defined model or
configuration.The first algorithm                     generates a highly robust and effective
             framework for a specific                 system configuration, while considering all the
temporal constraints functional on assignments of role-permission displaced by those for enabling
the role. Meanwhile, another algorithm called                    comes up with new framework tothe
input arrangement where all the incorporating or participating assignments of role and the


                                                   122
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

constraints ofper-user-role activation is replaced by the considered role enabling and per-role
activation, respectively.

       Algorithm
       Input:
           1.

           2.

           3.
           4.    Replace all occurrences of                          by                  in T’
           5.    Add default assignment “            ” to T’
           6.    FOR each Event dependencies
                          after
           7.    Replace            where tR’=                                  after ”, such that
           8.    IF                             THEN upate
           9.    ELSE
           10.   IF                            THEN
           11.   ELSE Update
           12.   ENDFOR
           13.   Update Roles’=Roles’
           14.   FOR each role                           DO
           15.                                                    //this is strongly restricted A-
               hierarchy
           16. ENDFOR
           17. Update
           18. ENDFOR
           19.
           20.   ENDFOR
           21.
           22.                                                  DO
           23.   IF
                 //
           24.   FOR each                             DO
           25.   Replace d in T’ by d’ where
           26.   ENDFOR
           27.   IF (                            ) THEN
           28.   Role’=Role’ { };
           29.   FOR each role                             DO
           30.
           31.   ENDFOR
           32.
           33.
           34.   ENDFOR
                                        Algorithm 2

       In the proposed system architecture the algorithm developed depicts that after substituting the
temporal constraints on rolepermissions the minimized system model with similar expressiveness
could be obtained on individual roles and constraints of per-user role. Here theminimal constraint set
(MCS) has been employed for exhibiting the details and reality whether                          model


                                                  123
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

framework or model configuration exists with the minimum number of kinds of constraints. The
definition for the minimal constraints sets have been given in the definition 2.

Definition-2: Minimal Constraint Set
Consider, the factor minimum constraint set is represented by                 which represents the set of
parametric constraints in            , and similarly the variable    refers,                           the
                   set of model configuration of frameworks for certain number, in such a way
that,                                                        ,
The minimum constraint set                 refers the      of constraints set in case there is no any kind
of other configures as                                                             . In this mentioned
situation        and its
The derived definition states that             is that parameter that poses at least unitary temporal
constraint.It must also be noticed that the presented definition refers towards a fact that user role and
its sets as well as its hierarchical assignments with its structures might be diverse for various system
or model configurations. The results accomplished for minimality results in                     model for
cloud environment with its allied expressions have been given in the following theorems
presentation.

Theorem 1: Minimality of              model.
In this theorem consider that        represents the model configuration for            system
architecture in such a way that                                   . In this state there is the
probability of existence of    system configuration. The   configuration posses the following
characteristics:

   1.
   2.

   3.            Is nothing else but the       functional with                             .

        The presented theorem 1 refers that the genuine set of                 modelwhich is not the
minimal because of few dominant parameters or factors like default assignments, periodicity in
framework, time constraints for enabling roles and assignment enabling (              ), constraints for
per role activation      , enables          and the expression for constraint enabling        could be
effectively employed for representing any policy for access control of entire                    model
constraints.
        It can be easily found that the counts of individual roles and its hierarchical complexity
increases by the implementation of the transformation algorithms which do replace the temporal
constraints on assignments by temporal constraints on roles. The fundamental factor and
reasonbehind such model behavior is that the algorithms "                  and               generate a
new specific role though substituting every temporal obligation. Such characteristics might not be
instinctive and competentas it looks like there would be numerous new user’s roles createddue to the
replacements of temporal assignments.In order to generate similar kind of temporally non-
overlapping responsibilities or roles, it is required to divide periodic expressions into a temporally
non-overlapping set of periodic expressions. Once the periodic expressions have been divided then in
the ascending step the formal definitions are facilitated and the algorithms are required to create this
set by generating the disjoint periodicity expressions from a cluster of numerous periodicity
expressions. It must be noted that in our proposed minimal model represents itself as a highly robust
model with temporal parametric constraints on numerous role activations by means of creating some

                                                   124
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

other similar minimal model possessing the temporal constraints on the user role assignments or role
permission assignments in spite of role activation. Since, the roles are the fundamentalbody of
       framework, here in this work we would emphasize on the minimal model.Being referred as
runtime constraints the parametric constraints on the activation of rolecannot possess any
correspondingillustrationemployingindividual role or permission for role assignments.
Thereforethere could be certain temporal constraints on individual roles even after eliminating the
temporal constraints on role activation.

4.2 Operations on Periodicity Expressions
       In this presented section of the manuscript, the fundamental notions ofsuppression,
correspondence, overlapping, and disjunction operationsin between the pairs of periodic expressions
have been discussed.

Definition 3: Relations on periodic expressions.
Consider that                  and                 be the periodic expression. The relations between
these two expressions have been given bellow. The figure as mentioned below refers the relationship
between numerous periodic expressions.
It must be noticed that as mentioned in the 4th definition, it is in general referred as the disjoint in
case of the similar end points of two intervals or durations.The pair wise relations could be extended
for defining relationships of the periodic expressions.
        The set of periodic expressions are considered as similar if all the considered periodic
expressions are similar.In an ideal world, generally it is expected to estimate disjoint clusters of
intervallic expressions which is minimal so as to associate them with individual roles for making
them temporally distinct.

Definition 4: Minimal Disjoin Set
Consider that                           represents the se of a random periodic expression then the
minimal disjoint set           over periodic expression       can be given as the minimum set of
disjoint periodic expressions,        or in mathematics                                 .
In order to accomplish the above mentioned criteria for       , the following conditions are required
to be fulfilled.

   1.
   2.                                         , That means
   3.                                                    and for this it exhibit,


        In this definition, the conditions mentioned in 1st and 2nd terms illustrates that the minimum
disjoint set encompasses set of periodic expressionswhich is disjoint in nature and even contains the
time instants available in all set of periodic expressions given in           .Again the last condition
makes it sure that individual periodic expressions could be present either in or might be disjoint also
from every       .




                                                  125
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME




                 Figure1. Temporal relations between a pair of periodic expressions

Definition 5: Minimum subset (MS) presentation for             in spite of        approach
Consider                                      refers the MDS over periodicity expression,
                          , where n refers certain value.Now, the MS for the considered periodic
expression with condition                 over derived             can be presented is the following
expressions:
                                                         With            .
This is accomplished only in the case:
    •
    • for each duration                   there exists exact singular set                        in such a
        way that it satisfies
Here, it can also be noted that the minimum subset                of     is nothing else but the MS of
        that encompasses all the duration instants of     . .
After defining the       now we emphasize on the illustrations of certain formal characteristicsthat are
allied with the estimation approaches of         and . Since, the expression of the periodicity creates
the set of time instants, therefore the consequences also comes out instantaneously. The algorithms
for generating the           have been given in Algorithm 3.
In the presented algorithm the                    approach estimates the         for certain pairs of
and here it can be noted that in case of equivalence in two expressions the generated
      encompasses only one periodic expression. Meanwhile, in case of disjoint expressions the
generated       consists of both the periodic expressions.

Theorem 2: Generation of          employing                 algorithm
With certain provided random sets of        there is always a set                  , existing in such a
way that
   •
This algorithm estimates the         as output after taking periodic expression as input.
The next section discussesthe algorithm for creating system configuration of                     for our
proposed model after eliminating the temporal constraints from per user role assignments and
computation of Minimum subset and          for periodic expressions.
Once         has been generated we have developed a robust algorithm that generates a
             framework configuration for                  system model by eliminating the temporal
constraints on per user role assignments which was followed by computation of              and        in



                                                   126
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

Theorem 3: rectifications or correctness of              .
With the provided input framework configurations      possessing only the periodicity constraints
for assignments of per user role, the presented algorithm                , generates the output
configurations     :
    •              And in this algorithmic approach      posses no any temporal constraints for
       role assignments on users.

4.3 System Complexity and Design Considerations
        This is matter of fact that the complexity of the                model might have various
dimensions like the uncontrolled and unmanaged counts of individual roles in the
model/framework.In spite of these all, the number of temporal constraints also affects the system
characteristics. In the presented scenario we do emphasize of performance and complexity factors
and have proposed for                in which the user membership is required to be checked for
estimating whether a specific user has been assigned certain role or not. Hence, the factor temporal
assignments added up some more model complexity as compared to the existing
mechanism.Here, we implement system without introducing much constraint and especially the
temporal constrains. Here in spite of verifying membership we do introduce the assurance of
temporal validity for a considered membership. In order to simplify the issues and concepts, in our
work we have developed a foundation hierarchy of                      model that posses the similar
expressive power on the basis of the results obtained earlier and the models performance is explored
on higher hierarchy.
In this work we have employed the notations for presenting the complexity parameters and then the
complexities for policy specifications have been analyzed.As discussed in the previous section about
the minimality results, few of the dominant temporal constraints can be included for our proposed
             system model. These constraints are as follows:
    • Constraints of per user role-enabling or activation
    • Constraints for periodicity and duration
    • Role activation/deactivation constraints
    • Event dependencies ( ) expressed as                                        .

         Algorithm
         Input:
         Output: MDS of
             1. IF (            ) THEN RETURN {      };
             2. IF (         ) THEN RETURN                ;
             3. IF (           ) THEN
             4.          Update           ;
             5.          Update                 ;
             6.          RETURN             ;
             7. IF (           ) THEN
             8.          Update           ;
             9.       Update                  ;
             10.       RETURN           ;
             11. IF (          ) THEN
             12.      Update                  ;
             13.      Update
             14.
             15.
             16.
                                Algorithm 3: Algorithm for MDS pairing


                                                    127
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

            Algorithm
            Input:
            Output: MDS of
            1. Assume that    =
                Define
            3            THEN RETURN ;
                IF       THEN RETURN
            5 IF         THEN
            6          Update MDS=Calc_MDS(                              );
            7          Let MDS computed be
            8          FOR             DO
            9                  Update                                          (
            10.                IF
            11.                ReturnMDS;
            12.                IF
            13.                    Let                     computed be
                                 Update
             5                                             3
             6
             7                 Update
             8                 ENDFOR
            19.                Let S computed be


                                 Update        =
            23.
            24.                  Update MDS=                              );
            25.                  RETURN MDS
            26. END
                             Algorithms 4: Algorithm for

     Algorithm
    Input:
    Output:
        1. Define
                 Define
        2. FOR each R Roles DO
                      Let =                        } and                       } be such that

       3.       Compute MDS of ; Let the computed
                     MDS=                        };
       4.       FOR             DO
       5.            Compute
       6.    ENDFOR
       7.    FOR              MDS DO
       8.            Create a unique role
       9.            FOR all         such that                 DO
       10.           Add default assignment                      in T’.
       11.                Add constraint                in T’.
       12.               Remove constraint                         from T’;
       13.                    Update Roles’ = Roles’           ;
       14.   Update RH’ = RH’               ; // Strongly restricted A-hierarchy
       15.           ENDFOR
       16.   ENDFOR
       17.   ENDFOR
                               Algorithm 5 Algorithm for MDS conversion


                                                           128
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

Table 2 presents the complexity parameters and their respective notations.

                        TABLE 2: Complexity Parameters and its notations
                           Complexity parameter           Notations
                           Role
                           Default (simple) assignment
                           Enabling time constraints on
                           role
                           Temporal constraints on
                           assignments
                           Activation time constraints on
                           roles
                           Hierarchy


                              Table 3: A family of DEERBAC models
           Level                Model                      Constraint Set
             2
             1



             0                       minimal




                              Figure 2. Family of DEERBAC models

        The above mentioned figure (Figure 2) illustrates the minimality framework of the
             for level 0. Now coming up to the level 1, we come across through three frameworks or
models that individually introducea better and highly robust kind of system constraint
to             the proposed              depicts the system model possessing all of its temporal
constraints and the constraints of per-user constraints enabling. Meanwhile,                 indicates
the system model possessing all of the constraints and constraints of role enabling on the other hand
the                represents the system model possessing temporal constraints as well as the

                                                 129
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

constraints of role permission and its assignments. Again in the 2nd level we have consideredthe
               model that contains all the temporal constraints. In our proposed analysis we have
adopted the similar hierarchy.

4.3.1 Constraints on Role Enabling and Assignments
        As discussed earlier that the incorporating model constraints for role-permission assignment
and role activation can be substituted by temporal constraints, then whilesuch kinds of architectural
transformation might come out a huge counts of roles and/or cause the complicated access control
architecture. Here, in this section we have calculated numerous options for selecting constraints for
their role in role enabling or activation as well as permission. Such kind of estimation is solely based
on the comparison the model or framework complexity by employing Level 1 with respect to
numerous presentations employing proposed minimal framework for representing the similar set of
access permissions.
        Considering the algorithm                     , it can be easily found that the model
transformations taking pace with substitution of temporal constraints for role assignments on users
by the temporal constraints is same as it takes place in the transformation to be substitution of the
temporal constraints for permission of roles by the temporal constraints in                        . The
transformation of factors like periodicity and duration takes place in the same approach but the
incorporating constraints are replaced by a new role. Therefore, in order to perform the analysis for
complexity the periodicity constraints are applied and it is used in case of duration constrains also.
Therefore, in this research work we have emphasized on the issue of periodicity constraints and have
explored various significant considerations allied with constraints of duration.A temporal constraint
for assignments of user role refers that the specific user can enable a particular role for the specific
time periods but only in the case of activated roles. In spite of using the constraintfor assignment of
roles on users, here in this we have enforcedthe expected access control mechanism by implementing
the temporal constraints for activation of roles. In the further phases the complexity problems related
to the presentation of the set of access need employing                and              system models.

Representation of
In order to represent the              system model we have used                   algorithm with the
specific               representation in the form of model input. Now, according to this presentation,
a specific role is formed and the assignment of periodic constraint takes place on the newly created
role. For example, for a defined constraint set, a role is created and is added with a newly created
constraint referred as              In alternation the minimal disjoint set mechanism is implemented
by employing                  algorithm.
Mathematically,

=
Now, a specific user role is generated for individual   of                           as

Each user is allotted a set of new roles in corresponding to the        s that comprise the Minimal
Subsetof s allied with user.
                                                  And the user is allotted to the specific roles
corresponding to        and     . It happens only because the specific roles retain their originality in
transformations. It should be noted that for            model presentation.
The presentation or analysis of complexities which is allied with the substitutepresentation with the
proposed              system model has been given as follows:


                                                  130
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

Theorem 4 Expression for complexity in             and              .
Consider refers the number of users which are assigned with individual role . Let the periodic
expression for the user role assignment is                        for    users. In general the
complexity expressions for          and            can also be presented as follows:

               Representation:

               Representation:



And
        The representation of                    refers the most optimum selection choice in terms of
complexity. It is because of the minimum roles, negligible overload due to hierarchy, and no default
role assignments. Additionally, such kind of presentation illustrates complexity free model
architecture that ultimately becomes convenient. The dominant dissimilarity between the models
               and              is that is that the             presentation often creates individual roles
that are in general disjoint in nature that are temporally disjoint. On the other hand the proposed
              framework representation is allied to single role for individual user with a constraint for
temporal assignment constraint.
             In general the presentation of                is same as that of               in the first case.
    The representation of                   is better than                 if the           for all
    with being large. The fact behind this is that the processing costs in the temporal constraints are
    more than the default constraints. The original role and the new role created can be combined. If
    we look at the                 representation the worst case is represented by the third part which is
             in terms of the new roles which are created, the number of hierarchical nodes and the
    temporal constraints on role, and in the default assignment the number of                   . Following
    design guidelines can be visualized from the above observation:
    1. The                    representation is not preferable when compared to the
                       representation as of the several factor like number of hierarchical relations,
        temporal constraints and the number of roles are less complex.
    2. Since there are some common periodic expressions in both                                           and
                     which may lead to the unnecessary temporal constraints.
    3. If we use the representation in the cases illustrated above then it results into same periodic
        constraints on the different role since the algorithm which we used                         is unable
        to minimize the number of constraints which is based upon the common periodic expression.
        For such complications                   would be a good solution.
    4. In               a small        set is used for determining the newly created roles. But somehow
        if all periodic expressions are pair wise disjoint then both the representation become
        equivalent.
    5. If we look at the access specification then the                   representation is highly flexible.
        On the basis of user-role assignment it supports the temporal constraints also in addition with
        the role enabling constraints.
    6. In case these all constraints are employed then the roles can be kept by enabling times fixed
        in a system and the individual user requirement is expressed using that periodic constraints.
    7. Any advantage may not be offered by the                     representation if there are per-user-role
        activation constraints. In the developed model each user is having multiple roles, if in a case
        if the constraint for each user is per-user-role then during the transformed representation extra

                                                     131
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

       steps would be required. To create a hierarchy which has strongly restricted activation
       between the new roles and the original roles          conversion process is required which is
       fulfilled by                   algorithm in developed                  module. Thus if in the
       transformed representation the per-user-role is left unaltered then the per-user-role will still
       be defined in original role but the new representation will still be valid as the users which are
       assigned to the newer role will have to activate it explicitly but such are not so effective as
       the users are assigned to original role. Thus in the presence of per-user-role constraints
       the             and                representations proved to be better than the 2nd level of
                    representation.
    8. If the duration constraints on user-role assignment get replaced by the duration constraints on
       role enabling then it makes it less flexible unlike the periodicity constraints. A duration
       constraint on user-role assignment may get replaced but first is should be taken into
       consideration that dependency semantic should not be lost.
Thus                has better complexity in some terms where as                       provides the best
representation in terms of semantic clarity, higher user creation with efficient role generation and
permission, least complexity and better convenience.

  i.        Activation Constraints
         On the basis of expensiveness when the same set of limitations are taken into consideration,
the comparison of DEERBAC0and DEERBAC01has been made in this section. In addition to the
limitations of              it is taken into assumption that              contains total active duration
constraints for the simplicity. In the complexity expressions the original role or any of the associated
per-role is not included.As the per-role and the original role constraints remain same throughout so,
it is not used. In terms of the minimized number of roles the                            gives a better
representation among the two cases illustrated above. Activation constraints among the cases
illustrated above remains same and the common per-user-role values used in theabove case can
provide better representation than the two cases presented before. The theorem discussed next shows
how complex is the representation by using the common values.

Theorem 5 (Expression for                   and              ).
Suppose if the number of users assigned to role         be      and the total active duration be
                    and the ith user is allowed this duration over role .                            is
the set of distant element . Suppose                  be the number of time d occurs in . The
complexities of the two representations can be explained as follows:
Representation of
    1.
    2.               representation:
Where
    •                                such that              and
    •
    •
Thus, it is clear from all the observation that the representation of                       has several
advantages over the representation of             .
Considering these all mathematical development and system modeling with respect to the problem of
role assignment and per-user role permission, the developed                  system model presents an
optimum solution for access control system with multiple users having huge roles and even without
compromising with the security aspects of the role or users in cloud environment. The results
obtained for different user creation and respective role permission have been presented in the
                                                  132
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

following section and the respective analysis with respect to the time efficiency and robustness have
been given in the next section.

V.     RESULTS AND ANALYSIS

        In this research work a dynamic expiration enabled role based access control
system has been proposed for cloud computing environment. The system model has been developed
with C# programs and Visual Basic 2010 framework. The overall system has been developed and
implemented with Amazon S3 cloud platform. The developed system has been simulated for different
performance parameters like induction of roles and user creation. The relative study for these all
factors has been performed.
        Figure 3 represents the comparative graphs for role initialization and time consumed for role
assignment.




                       Figure: 3. User initialization with 5 role assignments




                       Figure: 4. User initialization with 50 role assignments

       From above mentioned figure 4 it can be visualized that the user creation time increases as
per the increase in roles and even the creation time is decreasing as per increase in users from 200
counts. Comparing it with the previous results, it is clear that the              causes higher user
generation even with minimum assignment time.

                                                133
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME




                       Figure:5. User initialization with 150 role assignments




                       Figure:6. User initialization with 250 role assignments


        The above mentioned figures 5, 6 illustrates that the role assignment time is lower as the
cloud user counts is even increasing. In case of more users creation also the role assignment time is
lower. This characteristic illustrates that the proposed system is highly robust for higher role
assignments to more number of cloud users. The user count and the time of role assignments become
uniform after certain role counts. These characteristics exhibits that the proposed           system
performs better for higher users count and role to be assigned in the competitive cloud environment.
Analyzing the above mentioned figures it can be found that in practical with the proposed
mechanism the user creation is more time consuming as compared to simultaneous role assignments
for multiple users. It can be analyzed that the proposed approach can be fruitful for highly efficient
role assignments even without violating the security aspects.




                                                 134
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME



                                                     70         ROLE GENERATION



                               ROLE GENERATION (s)
                                                     60
                                                     50
                                                     40
                                                     30
                                                     20
                                                     10
                                                     0
                                                                10         50        150          250
                                                                          NUMBER OF ROLES
                                            Figure:7. Role generation Vs Number of Roles



                                                                CLOUD USER CREATION
                                                                            USER
                                            0.4
                                                                             ROLE
                                                           INITILIZATION - 5ROLE ASSIGNMENT
                       EXECUTION TIME (s)




                                                            ASSIGNED PER USER
                                            0.2



                                                     0
                                                           10        30    50   100 150     200     250
                                                                          NUM CLOUD USERS
                     Figure: 8. Cloud role initialization for 5 roles per users



                                                                 CLOUD USERUSER CREATION
                                            1.5                              ROLE ASSIGNMENT
                                                          INITILIZATION - 25 ROLES
                      EXECUTION TIME (s)




                                                     1      ASSIGNED PER USER
                                            0.5


                                                     0
                                                           10        30    50   100  150    200         250
                                                                          NUM CLOUD USERS
                    Figure: 9. Cloud role initialization fro 25 roles per users




                                                                             135
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME


                                                           CLOUD USERUSER CREATION
                                                  4
                                                                        ROLES
                                                    INITILIZATION - 150ROLE ASSIGNMENT



                            EXECUTION TIME (s)
                                                  3
                                                            ASSIGNED
                                                  2

                                                  1

                                                  0
                                                        10   30     50   100  150    200   250
                                                                   NUM CLOUD USERS
                                       Figure:10. Cloud user initialization for 150 roles



                                                             CLOUD USERUSER CREATION
                                                 10
                                                                          ROLES
                                                      INITILIZATION - 250ROLE ASSIGNMENT
                         EXECUTION TIME (s)




                                                              ASSIGNED
                                                  5




                                                  0
                                                        10   30     50   100  150    200   250
                                                                   NUM CLOUD USERS
                                   Figure: 11. Cloud user initialization for 250 roles

         Considering the above mentioned figures it is clear that the proposed              scheme
facilitates the cloud environment to perform efficiently for user-role assignments even with higher
user as well as role counts.

VI.     CONCLUSIONS

       In    this   paper                         a     robust    system    model environment called
                                                                                     for   cloud
                                                                                has been developed that
considered its optimization for few dominant issues like minimality, complexity of constraints,
efficient role activation and assignments withleast threat in cloud. The developed and implemented
system has exhibited system function with high flexibility and spontaneousselection for numerous
constraints expressions. In this research work few guidelines have been proposed that could be
efficiently employed for assisting security policies in selecting more expedient and less complex
system constraintexpressions. The developed system has exhibited optimum performance for higher
count of roles per users even with minimum time duration. On the other hand a dominant
contribution of this work is the inclusion of security issues that aims to perform better in competitive
cloud environment without compromising with the security issues related to role assignments and
user creation or even user-role assignments.


                                                                      136
International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print),
ISSN 0976 - 6375(Online), Volume 4, Issue 5, September - October (2013), © IAEME

REFERENCES

 [1]    D.F. Ferraiolo, D.M. Gilbert, and N. Lynch, “An Examination of Federal and Commercial Access
        Control Policy Needs,” Proc. NISTNCSC Nat’l Computer Security Conf., pp. 107-116, Sept. 1993.
 [2]    J.B.D. Joshi, A. Ghafoor, W. Aref, and E.H. Spafford, “Digital Government Security Infrastructure
        Design Challenges,” Computer, vol. 34, no. 2, pp. 66-72, Feb. 2001.
 [3]    M. Nyanchama and S. Osborn, “The Role Graph Model and Conflict of Interest,” ACM Trans.
        Information and System Security, vol. 2, no. 1, pp. 3-33, 1999.
 [4]    R. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, “RoleBased Access Control Models,”
        Computer, vol. 29, no. 2, pp. 38-47, Feb. 1996.
 [5]    J.B.D. Joshi, W.G. Aref, A. Ghafoor, and E.H. Spafford, “Security Models for Web-Based
        Applications,” Comm. ACM, vol. 44, no. 2, pp. 38-72, Feb. 2001.
 [6]    S. Osborn, R. Sandhu, and Q. Munawer, “Configuring Role-Based Access Control to Enforce
        Mandatory and Discretionary Access Control Policies,” ACM Trans. Information and System
        Security, vol. 3, no. 2, pp. 85-106, May 2000.
 [7]    R. Sandhu, “Separation of Duties in Computerized Information Systems,” Database Security IV:
        Status and Prospects, pp. 179-189, 1991.
 [8]    R. Simon and M.E. Zurko, “Separation of Duty in Role-Based Environments,” Proc. 10th IEEE
        Computer Security Foundations Workshop, June 1997.
 [9]    E. Ferrari and B. Thuraisingham, “Security and Privacy for Web Databases and Services,” Proc. Int’l
        Conf. Extending Database Technology, pp. 17-28, 2004.
 [10]   J.S. Park, R. Sandhu, and G.J. Ahn, “Role-Based Access Control on the Web,” ACM Trans.
        Information and System Security (TISSEC), vol. 4, no. 1, pp. 37-71, Feb. 2001.
 [11]   B.M. Thuraisingham, C. Clifton, A. Gupta, E. Bertino, and E. Ferrari, “Directions for Web and E-
        Commerce Applications Security,” Proc. Int’l Workshops Enabling Technologies: Infrastructures for
        Collaborative Enterprises, pp. 200-204, 2001.
 [12]   J. Joshi, E. Bertino, U. Latif, and A. Ghafoor, “Generalized Temporal Role Based Access Control
        Model,” IEEE Trans. Knowledge and Data Eng., vol. 17, no. 1, pp. 4-23, Jan. 2005.
 [13]   V. Atluri and A. Gal, “An Authorizaion Model for Temporal and Derived Data: Securing Information
        Portals,” ACM Trans. Information and System Security, vol. 5, no. 1, pp. 62-94, Feb. 2002.
 [14]   E. Bertino, P.A. Bonatti, and E. Ferrari, “TRBAC: A Temporal Role-Based Access Control Model,”
        ACM Trans. Information and System Security, vol. 4, no. 4, 2001.
 [15]   E. Bertino, E. Ferrari, and V. Atluri, “The Specification and Enforcement of Authorization
        Constraints in Workflow Management Systems,” ACM Trans. Information and System Security, vol.
        2, no. 1, pp. 65-104, 1999.
 [16]   J.B.D. Joshi, E. Bertino, and A. Ghafoor, “Temporal Hierarchy and Inheritance Semantics for
        GTRBAC,” Proc. Seventh ACM Symp. Access Control Models and Technologies, June 2002.
 [17]   J. Joshi, E. Bertino, U. Latif, and A. Ghafoor, “Generalized Temporal Role Based Access Control
        Model,” IEEE Trans. Knowledge and Data Eng., vol. 17, no. 1, pp. 4-23, Jan. 2005.
 [18]   G. Ahn and R. Sandhu, “Role-Based Authorization Constraints Specification,” ACM Trans.
        Information and System Security, vol. 3, no. 4, Nov. 2000.
 [19]   A. Kumar, N. Karnik, and G. Chafle, “Context Sensitivity in RoleBased Access Control,” ACM
        SIGOPS Operating Systems Rev., vol. 36, no. 3, pp. 53-66, July 2002.
 [20]   M. Niezette and J. Stevenne, “An Efficient Symbolic Representation of Periodic Time,” Proc. First
        Int’l Conf. Information and Knowledge Management, 1992.
 [21]   GK Srinivasa Gowda, CV Srikrishna and Kashyap Dhruve, “Measurement of End to End Delays in
        Ad Hoc 802.11 Networks”, International Journal of Computer Engineering & Technology (IJCET),
        Volume 4, Issue 4, 2013, pp. 100 - 115, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.
 [22]   Ruksar Fatima, Dr.Mohammed Zafar Ali Khan, Dr. A. Govardhan and Kashyap Dhruve, “Detecting
        In-Situ Melanoma using Multi Parameter Extraction and Neural Classification Mechanisms”,
        International Journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 1, 2013,
        pp. 16 - 33, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.



                                                   137

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:0
posted:10/24/2013
language:
pages:23