ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A model of authorization for next-generation database systems
Full text PdfPdf (2.79 MB)
Source ACM Transactions on Database Systems (TODS) archive
Volume 16 ,  Issue 1  (March 1991) table of contents
Pages: 88 - 131  
Year of Publication: 1991
ISSN:0362-5915
Authors
Fausto Rabitti  Microelectronics and Computer Technology Corp.
Elisa Bertino  Microelectronics and Computer Technology Corp.
Won Kim  Microelectronics and Computer Technology Corp.
Darrell Woelk  Microelectronics and Computer Technology Corp.
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 15,   Downloads (12 Months): 130,   Citation Count: 71
Additional Information:

abstract   references   cited by   index terms   review   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/103140.103144
What is a DOI?

ABSTRACT

The conventional models of authorization have been designed for database systems supporting the hierarchical, network, and relational models of data. However, these models are not adequate for next-generation database systems that support richer data models that include object-oriented concepts and semantic data modeling concepts. Rabitti, Woelk, and Kim [14] presented a preliminary model of authorization for use as the basis of an authorization mechanism in such database systems. In this paper we present a fuller model of authorization that fills a few major gaps that the conventional models of authorization cannot fill for next-generation database systems. We also further formalize the notion of implicit authorization and refine the application of the notion of implicit authorization to object-oriented and semantic modeling concepts. We also describe a user interface for using the model of authorization and consider key issues in implementing the authorization model.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Jay Banerjee , Hong-Tai Chou , Jorge F. Garza , Won Kim , Darrell Woelk , Nat Ballou , Hyoung-Joo Kim, Data model issues for object-oriented applications, ACM Transactions on Information Systems (TOIS), v.5 n.1, p.3-26, Jan. 1987  [doi>10.1145/22890.22945]
 
2
Hong-Tai Chou , Won Kim, A Unifying Framework for Version Control in a CAD Environment, Proceedings of the 12th International Conference on Very Large Data Bases, p.336-344, August 25-28, 1986
 
3
Hong-Tai Chou , Won Kim, Versions and change notification in an object-oriented database system, Proceedings of the 25th ACM/IEEE conference on Design automation, p.275-281, June 12-15, 1988, Atlantic City, New Jersey, United States
 
4
Chris Date, A Guide to DB2, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1984
5
E. B. Fernández , R. C. Summers , C. D. Coleman, An authorization model for a shared data base, Proceedings of the 1975 ACM SIGMOD international conference on Management of data, May 14-16, 1975, San Jose, California  [doi>10.1145/500080.500084]
 
6
FERNANDEZ, E. B., SUMMERS, R. C., AND LANG, T. Definition and evaluation of access rules in data management systems. In Proceedings of the 1st International Conference on Very Large Data Bases (Boston, Mass.). 1975.
 
7
Eduardo B. Fernandez , Rita C. Summers , Christopher Wood, Database Security and Integrity, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1981
 
8
GRAHAM, G. S., AND DENNING, P.J. Protection: Principles and practice. In AFIPS Conference Proceedings 40, 1972 SJCC. AFIPS Press, Montvale, N.J., 1972, pp. 417-429.
9
Patricia P. Griffiths , Bradford W. Wade, An authorization mechanism for a relational database system, ACM Transactions on Database Systems (TODS), v.1 n.3, p.242-255, Sept. 1976  [doi>10.1145/320473.320482]
10
Won Kim , Elisa Bertino , Jorge F. Garza, Composite objects revisited, Proceedings of the 1989 ACM SIGMOD international conference on Management of data, p.337-347, June 1989, Portland, Oregon, United States
11
Won Kim , Jay Banerjee , Hong-Tai Chou , Jorge F. Garza , Darrel Woelk, Composite object support in an object-oriented database system, Conference proceedings on Object-oriented programming systems, languages and applications, p.118-125, October 04-08, 1987, Orlando, Florida, United States
12
Won Kim , Nat Ballou , Jay Banerjee , Hong-Tai Chou , Jorge G. Garza , Darrell Woelk, Integrating an object-oriented programming system with a database system, Conference proceedings on Object-oriented programming systems, languages and applications, p.142-152, September 25-30, 1988, San Diego, California, United States
 
13
LAMPSON, B. W. Protection. In Proceedings of the 5th Annual Princeton Conference on Information Sciences and Systems. 1971.
 
14
Fausto Rabitti , Darrell Woelk , Won Kim, A Model of Authorization for Object-Oriented and Semantic Databases, Proceedings of the International Conference on Extending Database Technology: Advances in Database Technology, p.231-250, March 14-18, 1988
15
M. B. Thuraisingham, Mandatory security in object-oriented database systems, Conference proceedings on Object-oriented programming systems, languages and applications, p.203-210, October 02-06, 1989, New Orleans, Louisiana, United States

CITED BY  71
Joel Richardson , Peter Schwarz , Luis-Felipe Cabrera, CACL: efficient fine-grained protection for objects, ACM SIGPLAN Notices, v.27 n.10, p.263-275, Oct. 1992
Matunda Nyanchama , Sylvia Osborn, The role graph model, Proceedings of the first ACM Workshop on Role-based access control, p.12-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States
Raymond K. Wong, RBAC support in object-oriented role databases, Proceedings of the second ACM workshop on Role-based access control, p.109-120, November 06-07, 1997, Fairfax, Virginia, United States
Elisa Bertino , Claudio Bettini , Pierangela Samarati, A discretionary access control model with temporal authorizations, Proceedings of the 1994 workshop on New security paradigms, p.102-107, August 1994, Little Compton, Rhode Island, United States
Elisa Bertino , Pierangela Samarati , Sushil Jajodia, An Extended Authorization Model for Relational Databases, IEEE Transactions on Knowledge and Data Engineering, v.9 n.1, p.85-101, January 1997
Matunda Nyanchama , Sylvia Osborn, The role graph model and conflict of interest, ACM Transactions on Information and System Security (TISSEC), v.2 n.1, p.3-33, Feb. 1999
Elisa Bertino , Pierangela Samarati , Sushil Jajodia, Authorizations in relational database management systems, Proceedings of the 1st ACM conference on Computer and communications security, p.130-139, November 03-05, 1993, Fairfax, Virginia, United States
Prasun Dewan , Honghai Shen, Controlling access in multiuser interfaces, ACM Transactions on Computer-Human Interaction (TOCHI), v.5 n.1, p.34-62, March 1998
Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, ACM SIGMOD Record, v.26 n.2, p.474-485, June 1997
Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, A fine-grained access control system for XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.169-202, May 2002
Elisa Bertino , Silvana Castano , Elena Ferrari , Marco Mesiti, Controlled access and dissemination of XML documents, Proceedings of the 2nd international workshop on Web information and data management, p.22-27, November 02-06, 1999, Kansas City, Missouri, United States
Piero Bonatti , Sabrina De Capitani di Vimercati , Pierangela Samarati, An algebra for composing access control policies, ACM Transactions on Information and System Security (TISSEC), v.5 n.1, p.1-35, February 2002
Elisa Bertino , Ravi Sandhu, Database Security-Concepts, Approaches, and Challenges, IEEE Transactions on Dependable and Secure Computing, v.2 n.1, p.2-19, January 2005
Keishi Tajima, Static detection of security flaws in object-oriented databases, ACM SIGMOD Record, v.25 n.2, p.341-352, June 1996
Jonathon E. Tidswell , Geoffrey H. Outhred , John M. Potter, Dynamic rights: safe extensible access control, Proceedings of the fourth ACM workshop on Role-based access control, p.113-120, October 28-29, 1999, Fairfax, Virginia, United States
Towards a configurable security architecture, Data Engineering, v.38 n.2, p.121-145, 08/01/2001
HongHai Shen , Prasun Dewan, Access control for collaborative environments, Proceedings of the 1992 ACM conference on Computer-supported cooperative work, p.51-58, November 01-04, 1992, Toronto, Ontario, Canada
Marianne Winslett , Kenneth Smith , Xiaolei Qian, Formal query languages for secure relational databases, ACM Transactions on Database Systems (TODS), v.19 n.4, p.626-662, Dec. 1994
Vijayalakshmi Atluri , Avigdor Gal, An authorization model for temporal and derived data: securing information portals, ACM Transactions on Information and System Security (TISSEC), v.5 n.1, p.62-94, February 2002
Piero Bonatti , Sabrina de Capitani di Vimercati , Pierangela Samarati, A modular approach to composing access control policies, Proceedings of the 7th ACM conference on Computer and communications security, p.164-173, November 01-04, 2000, Athens, Greece
Elisa Bertino , Claudio Bettini , Pierangela Samarati, A temporal authorization model, Proceedings of the 2nd ACM Conference on Computer and communications security, p.126-135, November 1994, Fairfax, Virginia, United States
Elisa Bertino , Sushil Jajodia , Pierangela Samarati, A flexible authorization mechanism for relational data management systems, ACM Transactions on Information Systems (TOIS), v.17 n.2, p.101-140, April 1999
Sang-Won Lee , Yong-Han Kim , Hyoung-Joo Kim, The semantics of an extended referential integrity for a multilevel secure relational data model, Data & Knowledge Engineering, v.48 n.1, p.129-152, January 2004
H. M. Gladney, Access control for large collections, ACM Transactions on Information Systems (TOIS), v.15 n.2, p.154-194, April 1997
Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001
Serge Abiteboul , Anthony Bonner, Objects and views, ACM SIGMOD Record, v.20 n.2, p.238-247, June 1991
Vram Kouramajian , Ross Dargahi , Jerry Fowler , Donald Baker, Consortium: a framework for transactions in collaborative environments, Proceedings of the fourth international conference on Information and knowledge management, p.260-265, November 29-December 02, 1995, Baltimore, Maryland, United States
Wen-Gong Shieh , Bob P. Weems , Krishna M. Kavi, Extending N-grid group authorization using compact encoding, Proceedings of the 1992 ACM/SIGAPP Symposium on Applied computing: technological challenges of the 1990's, p.190-196, April 1992, Kansas City, Missouri, United States
Makoto Murata , Akihiko Tozawa , Michiharu Kudo , Satoshi Hada, XML access control using static analysis, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
Elisa Bertino , Barbara Catania , Elena Ferrari , Paolo Perlasca, A logical framework for reasoning about access control models, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.71-127, February 2003
Mingfei Jiang , Ada Wai-Chee Fu, Integration and Efficient Lookup of Compressed XML Accessibility Maps, IEEE Transactions on Knowledge and Data Engineering, v.17 n.7, p.939-953, July 2005
Won Kim, Research directions in object-oriented database systems, Proceedings of the ninth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, p.1-15, April 02-04, 1990, Nashville, Tennessee, United States
Elisa Bertino , Elena Ferrari, Secure and selective dissemination of XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.290-331, August 2002
Sushil Jajodia , Duminda Wijesekera, Recent advances in access control models, Proceedings of the fifteenth annual working conference on Database and application security, p.3-15, July 15-18, 2001, Niagara, Ontario, Canada
Gerald Brose, Manageable access control for CORBA, Journal of Computer Security, v.10 n.4, p.301-337, December 2002
Jingzhu Wang , Sylvia L. Osborn, A role-based approach to access control for XML databases, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
E. B. Fernandez , E. Gudes , H. Song, A Model for Evaluation and Administration of Security in Object-Oriented Databases, IEEE Transactions on Knowledge and Data Engineering, v.6 n.2, p.275-292, April 1994
Elisa Bertino , Sushil Jajodia , Pierangela Samarati, A non-timestamped authorization model for data management systems, Proceedings of the 3rd ACM conference on Computer and communications security, p.169-178, March 14-15, 1996, New Delhi, India
N. R. Adam , V. Atluri , E. Bertino , E. Ferrari, A Content-Based Authorization Model for Digital Libraries, IEEE Transactions on Knowledge and Data Engineering, v.14 n.2, p.296-315, March 2002
Tor Didriksen, Rule based database access control—a practical approach, Proceedings of the second ACM workshop on Role-based access control, p.143-151, November 06-07, 1997, Fairfax, Virginia, United States
Indrakshi Ray , Indrajit Ray , Natu Narasimhamurthi, A cryptographic solution to implement access control in a hierarchy and more, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA
Paul Ammann , Sushil Jajodia , Peng Liu, Recovery from Malicious Transactions, IEEE Transactions on Knowledge and Data Engineering, v.14 n.5, p.1167-1185, September 2002
Bo Luo , Dongwon Lee , Wang-Chien Lee , Peng Liu, QFilter: fine-grained run-time XML access control via NFA-based query rewriting, Proceedings of the thirteenth ACM international conference on Information and knowledge management, November 08-13, 2004, Washington, D.C., USA
Pramote Luenam , Peng Liu, ODAR: an on-the-fly damage assessment and repair system for commercial database applications, Proceedings of the fifteenth annual working conference on Database and application security, p.239-252, July 15-18, 2001, Niagara, Ontario, Canada
Ting Yu , Divesh Srivastava , Laks V. S. Lakshmanan , H. V. Jagadish, A compressed accessibility map for XML, ACM Transactions on Database Systems (TODS), v.29 n.2, p.363-402, June 2004
Pierangela Samarati , Elisa Bertino , Sushil Jajodia, An Authorization Model for a Distributed Hypertext System, IEEE Transactions on Knowledge and Data Engineering, v.8 n.4, p.555-562, August 1996
Martin S. Olivier, Using organisational safeguards to make justifiable privacy decisions when processing personal data, Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology, p.275-284, September 17-19, 2003
A. Belussi , E. Bertino , B. Catania , M. L. Damiani , A. Nucita, An authorization model for geographical maps, Proceedings of the 12th annual ACM international workshop on Geographic information systems, November 12-13, 2004, Washington DC, USA
E. Bertino , E. Ferrari , G. Mella, An approach to cooperative updates of XML documents in distributed systems, Journal of Computer Security, v.13 n.2, p.191-242, March 2005
Ji-Won Byun , Elisa Bertino , Ninghui Li, Purpose based access control of complex data for privacy protection, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
Issa Traoré , Suraiya Khan, A protection scheme for collaborative environments, Proceedings of the 2003 ACM symposium on Applied computing, March 09-12, 2003, Melbourne, Florida
Ji-Won Byun , Elisa Bertino, Micro-views, or on how to protect privacy while enhancing data usability: concepts and challenges, ACM SIGMOD Record, v.35 n.1, p.9-13, March 2006
Matunda Nyanchama , Sylvia Osborn, Role-based security: pros, cons, & some research directions, ACM SIGSAC Review, v.11 n.2, p.11-17, Spring 1993
Peng Liu , Hai Wang , Lunquan Li, Real-time data attack isolation for commercial database applications, Journal of Network and Computer Applications, v.29 n.4, p.294-320, November 2006
Ulf Mattsson, A real-time intrusion prevention system for commercial enterprise databases, Proceedings of the 4th WSEAS International Conference on Software Engineering, Parallel & Distributed Systems, p.1-35, February 13-15, 2005, Salzburg, Austria
Ulf Mattsson, A real-time intrusion prevention system for commercial enterprise databases and file systems, Proceedings of the 4th WSEAS International Conference on Artificial Intelligence, Knowledge Engineering Data Bases, p.1-10, February 13-15, 2005, Salzburg, Austria
Makoto Murata , Akihiko Tozawa , Michiharu Kudo , Satoshi Hada, XML access control using static analysis, ACM Transactions on Information and System Security (TISSEC), v.9 n.3, p.292-324, August 2006
Eduardo Fernández-Medina , Juan Trujillo , Rodolfo Villarroel , Mario Piattini, Access control and audit model for the multidimensional modeling of data warehouses, Decision Support Systems, v.42 n.3, p.1270-1289, December 2006
G. Aggarwal , M. Bawa , P. Ganesan , H. Garcia-Molina , K. Kenthapadi , N. Mishra , R. Motwani , U. Srivastava , D. Thomas , J. Widom , Y. Xu, Vision paper: enabling privacy for the paranoids, Proceedings of the Thirtieth international conference on Very large data bases, p.708-719, August 31-September 03, 2004, Toronto, Canada
Ting Yu , Divesh Srivastava , Laks V. S. Lakshmanan , H. V. Jagadish, Compressed accessibility map: efficient access control for XML, Proceedings of the 28th international conference on Very Large Data Bases, p.478-489, August 20-23, 2002, Hong Kong, China
Irini Fundulaki , Sebastian Maneth, Formalizing XML access control for update operations, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Jae-Gil Lee , Kyu-Young Whang , Wook-Shin Han , Il-Yeol Song, The dynamic predicate: integrating access control with query processing in XML databases, The VLDB Journal — The International Journal on Very Large Data Bases, v.16 n.3, p.371-387, July 2007
E. Ferrari , N.R. Adam , V. Atluri , E. Bertino , U. Capuozzo, An authorization system for digital libraries, The VLDB Journal — The International Journal on Very Large Data Bases, v.11 n.1, p.58-67, August 2002
R. Braumandl , M. Keidl , A. Kemper , D. Kossmann , A. Kreutz , S. Seltzsam , K. Stocker, ObjectGlobe: Ubiquitous query processing on the Internet, The VLDB Journal — The International Journal on Very Large Data Bases, v.10 n.1, p.48-71, August 2001
Dirk Jonscher , Klaus R. Dittrich, An Approach for Building Secure Database Federations, Proceedings of the 20th International Conference on Very Large Data Bases, p.24-35, September 12-15, 1994
Nurith Gal-Oz , Ehud Gudes , Eduardo B. Fernández, A Model of Methods Access Authorization in Object-oriented Databases, Proceedings of the 19th International Conference on Very Large Data Bases, p.52-61, August 24-27, 1993
Matunda Nyanchama , Sylvia Osborn, Role-based security, object oriented databases and separation of duty, ACM SIGMOD Record, v.22 n.4, p.45-51, Dec. 1993
Elisa Bertino , Silvana Castano , Elena Ferrari , Marco Mesiti, Specifying and enforcing access control policies for XML document sources, World Wide Web, v.3 n.3, p.139-151, 2000
Sabrina De Capitani Di Vimercati , Sara Foresti , Pierangela Samarati , Sushil Jajodia, Access control policies and languages, International Journal of Computational Science and Engineering, v.3 n.2, p.94-102, November 2007
Ulf T. Mattsson, A real-time intrusion prevention system for commercial enterprise databases and file systems, Proceedings of the 10th WSEAS International Conference on Mathematical Methods and Computational Techniques in Electrical Engineering, p.236-244, May 02-04, 2008, Sofia, Bulgaria
Leon Pan , Chang N. Zhang, A criterion-based multilayer access control approach for multimedia applications and the implementation considerations, ACM Transactions on Multimedia Computing, Communications, and Applications (TOMCCAP), v.5 n.2, p.1-29, November 2008

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.1 Logical Design
          Subjects: Data models

Additional Classification:
  D. Software
  D.1 PROGRAMMING TECHNIQUES

  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.0 General
          Subjects: Security, integrity, and protection**


General Terms:
Design, Security, Theory


Keywords:
object-oriented database, semantic database


REVIEW

"Jane B. Grimson : Reviewer"

The authors present an authorization model designed for post-relational database management systems (DBMSs) that are based on object-oriented or semantic data models. They argue that conventional approaches to authorization, based   more...

Collaborative Colleagues:
Fausto Rabitti: colleagues
Elisa Bertino: colleagues
Won Kim: colleagues
Darrell Woelk: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player