Abstract

Bertino et al. propose a temporal role-based access control (TRBAC) model, which allows periodic constraints on role enabling and disabling, so that users' privileges can be restricted by time. Joshi et al. propose a Generalized TRBAC (GTRBAC) model based on TRBAC. It introduces periodic constraints and duration constraints on user-role and role-permission assignment, duration constraints on role activation, cardinality constraints on role activation, temporal role hierarchies, and temporal separation of duty, in order to express the corresponding time-based access control policy semantics and enhance the expressiveness of the temporal RBAC model. However, role enabling/disabling does not exist in standard RBAC and gives rise to very complex temporal role hierarchy semantics in GTRBAC, so the temporal role hierarchies of GTRBAC are difficult to use in practice. In this paper, we mainly propose an alternative representation of periodic constraints on role enabling/disabling to simplify the complex temporal role hierarchy semantics in GTRBAC. Temporal role hierarchies are expressed by directly defining periodic constraints and duration constraints on role hierarchies according to the role inheritance semantics in ANSI RBAC. Some case studies are used to illustrate the expressive power of our alternative representation of temporal role hierarchies.

  • Publication date: 2013
