{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T08:18:08Z","timestamp":1759133888138,"version":"3.44.0"},"reference-count":45,"publisher":"SAGE Publications","issue":"6","license":[{"start":{"date-parts":[[2015,9,22]],"date-time":"2015-09-22T00:00:00Z","timestamp":1442880000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2015,9,22]]},"abstract":"<jats:p>Context-aware access control systems should reactively adapt access control decisions to dynamic environmental conditions. In this paper we present ERBAC\u00a0\u2013 an event-driven extension of the TRBAC model that allows the specification and enforcement of general reactive policies\u00a0\u2013 and its implementation. While almost all the individual features of ERBAC occur separately in some previous model, the detailed design of the policy language, its implementation in XACML, and its testing contribute to the development of expressive, event-driven policy frameworks by demonstrating that this rich model can be satisfactorily implemented, and that its expressivity and performance are compatible with a variety of realistic application scenarios. In particular, a number of examples illustrate ERBAC\u2019s expressive power, and its ability of handling exceptional situations in a flexible way, while keeping policies compact and manageable. The prototype extends XACML\u2019s language and the implementation of the PDP to support the new model. Systematic scalability experiments show that the computational cost of policy rule evaluation in ERBAC is compatible with real-world applications.<\/jats:p>","DOI":"10.3233\/jcs-150539","type":"journal-article","created":{"date-parts":[[2015,12,18]],"date-time":"2015-12-18T08:08:28Z","timestamp":1450426108000},"page":"709-757","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":14,"title":["Event-driven RBAC"],"prefix":"10.1177","volume":"23","author":[{"given":"Piero","family":"Bonatti","sequence":"first","affiliation":[{"name":"Dipartimento di Ingegneria Elettrica e Tecnologie dell\u2019Informazione, Universit\u00e0 di Napoli \u201cFederico\u00a0II\u201d, Via Claudio, 80125, Napoli, Italy. E-mails:\u00a0,\u00a0"}]},{"given":"Clemente","family":"Galdi","sequence":"additional","affiliation":[{"name":"Dipartimento di Ingegneria Elettrica e Tecnologie dell\u2019Informazione, Universit\u00e0 di Napoli \u201cFederico\u00a0II\u201d, Via Claudio, 80125, Napoli, Italy. E-mails:\u00a0,\u00a0"}]},{"given":"Davide","family":"Torres","sequence":"additional","affiliation":[{"name":"Publiservizi s.r.l., C.so P. Giannone, 50 - 81100 - Caserta, Italy. E-mail:\u00a0"}]}],"member":"179","published-online":{"date-parts":[[2015,10,2]]},"reference":[{"key":"e_1_3_2_2_1","doi-asserted-by":"crossref","unstructured":"[1]R.\u00a0Abdunabi I.\u00a0Ray and R.\u00a0France Specification and analysis of access control policies for mobile applications in: Proceedings of the 18th ACM Symposium on Access Control Models and Technologies SACMAT\u201913 ACM New York NY USA 2013 pp.\u00a0173\u2013184.","DOI":"10.1145\/2462410.2463206"},{"key":"e_1_3_2_3_1","doi-asserted-by":"crossref","unstructured":"[2]S.\u00a0Aich S.\u00a0Mondal S.\u00a0Sural and A.\u00a0Majumdar Role based access control with spatiotemporal context for mobile applications in: Transactions on Computational Science IV LNCS Vol.\u00a05430 Springer Berlin 2009 pp.\u00a0177\u2013199.","DOI":"10.1007\/978-3-642-01004-0_10"},{"key":"e_1_3_2_4_1","doi-asserted-by":"crossref","unstructured":"[3]S.\u00a0Aich S.\u00a0Sural and A.\u00a0Majumdar STARBAC: Spatiotemporal role based access control in: Proceedings of the 2007 OTM Confederated International Conferences: CoopIS DOA ODBASE GADA and IS \u2013 Part II Springer Berlin 2007 pp.\u00a01567\u20131582.","DOI":"10.1007\/978-3-540-76843-2_32"},{"key":"e_1_3_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581276"},{"key":"e_1_3_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/293910.293151"},{"key":"e_1_3_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501979"},{"key":"e_1_3_2_8_1","unstructured":"[7]P.\u00a0Bonatti C.\u00a0Galdi and D.\u00a0Torres ERBAC prototype implementation available at: http:\/\/wpage.unina.it\/clemente.galdi\/ERBAC."},{"key":"e_1_3_2_9_1","doi-asserted-by":"crossref","unstructured":"[8]P.\u00a0Bonatti C.\u00a0Galdi and D.\u00a0Torres ERBAC: Event-driven RBAC in: Proceedings of the 18th ACM Symposium on Access Control Models and Technologies SACMAT\u201913 ACM New York NY USA 2013 pp.\u00a0125\u2013136.","DOI":"10.1145\/2462410.2462415"},{"key":"e_1_3_2_10_1","doi-asserted-by":"crossref","unstructured":"[9]S.\u00a0Chandran and J.\u00a0Joshi LoT-RBAC: A location and time-based RBAC model in: Web Information Systems Engineering WISE 2005 A.\u00a0Ngu M.\u00a0Kitsuregawa E.\u00a0Neuhold J.-Y.\u00a0Chung and Q.\u00a0Sheng eds LNCS Vol.\u00a03806 Springer Berlin 2005 pp.\u00a0361\u2013375.","DOI":"10.1007\/11581062_27"},{"key":"e_1_3_2_11_1","doi-asserted-by":"crossref","unstructured":"[10]L.\u00a0Chen and J.\u00a0Crampton On spatio-temporal constraints and inheritance in role-based access control in: Proceedings of the 2008 ACM Symposium on Information Computer and Communications Security ASIACCS\u201908 ACM New York NY USA 2008 pp.\u00a0205\u2013216.","DOI":"10.1145\/1368310.1368341"},{"key":"e_1_3_2_12_1","unstructured":"[11]T.H.\u00a0Cormen C.E.\u00a0Leiserson R.L.\u00a0Rivest and C.\u00a0Stein Introduction to Algorithms 3rd edn MIT Press Cambridge MA USA 2009."},{"key":"e_1_3_2_13_1","doi-asserted-by":"crossref","unstructured":"[12]M.J.\u00a0Covington P.\u00a0Fogla Z.\u00a0Zhan and M.\u00a0Ahamad A context-aware security architecture for emerging applications in: Proceedings of the 18th Annual Computer Security Applications Conference ACSAC\u201902 IEEE Computer Society Washington DC USA 2002 pp.\u00a0249\u2013258.","DOI":"10.1109\/CSAC.2002.1176296"},{"key":"e_1_3_2_14_1","doi-asserted-by":"crossref","unstructured":"[13]M.J.\u00a0Covington W.\u00a0Long S.\u00a0Srinivasan A.K.\u00a0Dev M.\u00a0Ahamad and G.D.\u00a0Abowd Securing context-aware applications using environment roles in: Proceedings of the 6th ACM Symposium on Access Control Models and Technologies SACMAT\u201901 ACM New York NY USA 2001 pp.\u00a010\u201320.","DOI":"10.1145\/373256.373258"},{"key":"e_1_3_2_15_1","doi-asserted-by":"crossref","unstructured":"[14]M.L.\u00a0Damiani E.\u00a0Bertino B.\u00a0Catania and P.\u00a0Perlasca GEO-RBAC: A spatially aware RBAC ACM Trans. Inf. Syst. Secur. 10(1) (2007) Article No. 2.","DOI":"10.1145\/1210263.1210265"},{"key":"e_1_3_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"e_1_3_2_17_1","doi-asserted-by":"crossref","unstructured":"[16]C.K.\u00a0Georgiadis I.\u00a0Mavridis G.\u00a0Pangalos and R.K.\u00a0Thomas Flexible team-based access control using contexts in: Proceedings of the 6th ACM Symposium on Access Control Models and Technologies SACMAT\u201901 2001 pp.\u00a021\u201327.","DOI":"10.1145\/373256.373259"},{"key":"e_1_3_2_18_1","doi-asserted-by":"crossref","unstructured":"[17]L.\u00a0Giuri and P.\u00a0Iglio Role templates for content-based access control in: Second ACM Workshop on Role-Based Access Control 1997 pp.\u00a0153\u2013159.","DOI":"10.1145\/266741.266773"},{"key":"e_1_3_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2005.18"},{"key":"e_1_3_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2005.1"},{"key":"e_1_3_2_21_1","doi-asserted-by":"crossref","unstructured":"[20]D.\u00a0Kulkarni and A.\u00a0Tripathi Context-aware role-based access control in pervasive computing systems in: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies SACMAT\u201908 2008 pp.\u00a0113\u2013122.","DOI":"10.1145\/1377836.1377854"},{"key":"e_1_3_2_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.11"},{"key":"e_1_3_2_23_1","doi-asserted-by":"crossref","unstructured":"[22]O.G.\u00a0Morchon and K.\u00a0Wehrle Efficient and context-aware access control for pervasive medical sensor networks in: PerCom Workshops IEEE 2010 pp.\u00a0322\u2013327.","DOI":"10.1109\/PERCOMW.2010.5470649"},{"key":"e_1_3_2_24_1","doi-asserted-by":"crossref","unstructured":"[23]O.G.\u00a0Morchon and K.\u00a0Wehrle Modular context-aware access control for medical sensor networks in: Proceedings of the 15th ACM Symposium on Access Control Models and Technologies SACMAT\u201910 B.\u00a0Carminati and J.\u00a0Joshi eds 2010 pp.\u00a0129\u2013138.","DOI":"10.1145\/1809842.1809864"},{"key":"e_1_3_2_25_1","unstructured":"[24]OASIS Consortium Core and hierarchical role based access control (RBAC) profile of XACML v2.0 available at: https:\/\/docs.oasis-open.org\/xacml\/2.0\/access_control-xacml-2.0-rbac-profile1-spec-os.pdf."},{"key":"e_1_3_2_26_1","unstructured":"[25]OASIS Consortium Extensible access control markup language (XACML) v. 2.0."},{"key":"e_1_3_2_27_1","unstructured":"[26]OpenGIS Consortium Geography Markup Language (GML) simple features profile available at: http:\/\/www.opengeospatial.org\/standards\/gml."},{"key":"e_1_3_2_28_1","unstructured":"[27]OpenGIS Consortium Geospatial eXtensible Access Control Markup Language (GeoXACML) v 1.0 available at: http:\/\/www.opengeospatial.org\/standards\/geoxacml."},{"key":"e_1_3_2_29_1","unstructured":"[28]OpenGIS Consortium GeoXACML implementation specification \u2013 Extension B (GML3) encoding available at: http:\/\/www.opengeospatial.org\/standards\/gml."},{"key":"e_1_3_2_30_1","unstructured":"[29]OpenGIS Consortium Implementation Standard for Geographic information \u2013 Simple feature access \u2013 Part 1: Common architecture available at: http:\/\/www.opengeospatial.org\/standards\/sfa."},{"key":"e_1_3_2_31_1","doi-asserted-by":"crossref","unstructured":"[30]S.\u00a0Osborne\u00a0(ed.) Fifth ACM Workshop on Role-Based Access Control ACM New York NY USA 2000.","DOI":"10.1145\/344287.344299"},{"key":"e_1_3_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/984334.984339"},{"key":"e_1_3_2_33_1","doi-asserted-by":"crossref","unstructured":"[32]I.\u00a0Ray M.\u00a0Kumar and L.\u00a0Yu LRBAC: A location-aware role-based access control model in: ICISS A.\u00a0Bagchi and V.\u00a0Atluri eds LNCS Vol.\u00a04332 Springer 2006 pp.\u00a0147\u2013161.","DOI":"10.1007\/11961635_10"},{"key":"e_1_3_2_34_1","doi-asserted-by":"crossref","unstructured":"[33]I.\u00a0Ray and M.\u00a0Toahchoodee A spatio-temporal role-based access control model in: Data and Applications Security XXI S.\u00a0Barker and G.-J.\u00a0Ahn eds LNCS Vol.\u00a04602 Springer Berlin 2007 pp.\u00a0211\u2013226.","DOI":"10.1007\/978-3-540-73538-0_16"},{"key":"e_1_3_2_35_1","doi-asserted-by":"crossref","unstructured":"[34]I.\u00a0Ray and M.\u00a0Toahchoodee A spatio-temporal access control model supporting delegation for pervasive computing applications in: Trust Privacy and Security in Digital Business LNCS Vol.\u00a05185 Springer Berlin 2008 pp.\u00a048\u201358.","DOI":"10.1007\/978-3-540-85735-8_6"},{"key":"e_1_3_2_36_1","doi-asserted-by":"crossref","unstructured":"[35]G.\u00a0Sampemane P.\u00a0Naldurg and R.H.\u00a0Campbell Access control for active spaces in: Proceedings of the 18th Annual Computer Security Applications Conference ACSAC\u201902 IEEE Computer Society Washington DC USA 2002 p.\u00a0343.","DOI":"10.1109\/CSAC.2002.1176306"},{"key":"e_1_3_2_37_1","doi-asserted-by":"crossref","unstructured":"[36]R.S.\u00a0Sandhu Role hierarchies and constraints for lattice-based access controls in: ESORICS E.\u00a0Bertino H.\u00a0Kurth G.\u00a0Martella and E.\u00a0Montolivo eds LNCS Vol.\u00a01146 Springer Berlin 1996 pp.\u00a065\u201379.","DOI":"10.1007\/3-540-61770-1_28"},{"key":"e_1_3_2_38_1","unstructured":"[37]R.S.\u00a0Sandhu\u00a0(ed.) Second ACM Workshop on Role-Based Access Control ACM New York NY USA 1997."},{"key":"e_1_3_2_39_1","unstructured":"[38]R.S.\u00a0Sandhu\u00a0(ed.) Third ACM Workshop on Role-Based Access Control ACM New York NY USA 1998."},{"key":"e_1_3_2_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"e_1_3_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1015040.1015043"},{"key":"e_1_3_2_42_1","unstructured":"[41]Sun Microsystems Sun\u2019s xacml implementation available at: http:\/\/sunxacml.sourceforge.net."},{"key":"e_1_3_2_43_1","doi-asserted-by":"crossref","unstructured":"[42]F.\u00a0Turkmen and B.\u00a0Crispo Performance evaluation of XACML PDP implementations in: Proceedings of the 2008 ACM Workshop on Secure Web Services SWS\u201908 ACM New York NY USA 2008 pp.\u00a037\u201344.","DOI":"10.1145\/1456492.1456499"},{"key":"e_1_3_2_44_1","unstructured":"[43]Vivid Solutions JTS topology suite available at: http:\/\/www.vividsolutions.com\/jts\/jtshome.htm."},{"key":"e_1_3_2_45_1","unstructured":"[44]XACML enterprise available at: http:\/\/code.google.com\/p\/enterprise-java-xacml\/."},{"key":"e_1_3_2_46_1","unstructured":"[45]XACML light available at: http:\/\/sourceforge.net\/projects\/xacmllight\/."}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-150539","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-150539","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-150539","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,12]],"date-time":"2025-09-12T08:50:49Z","timestamp":1757667049000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-150539"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,9,22]]},"references-count":45,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2015,9,22]]}},"alternative-id":["10.3233\/JCS-150539"],"URL":"https:\/\/doi.org\/10.3233\/jcs-150539","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"type":"print","value":"0926-227X"},{"type":"electronic","value":"1875-8924"}],"subject":[],"published":{"date-parts":[[2015,9,22]]}}}