A flexible authorization mechanism for relational data management systems

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A flexible authorization mechanism for relational data management systems

Full text

Pdf (258 KB)

Source

ACM Transactions on Information Systems (TOIS) archive
Volume 17 , Issue 2 (April 1999) table of contents

Pages: 101 - 140

Year of Publication: 1999

ISSN:1046-8188

Authors

Elisa Bertino	Univ. di Milano, Milan, Italy
Sushil Jajodia	George Mason Univ., Fairfax, VA
Pierangela Samarati	Univ. di Milano, Milan, Italy

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 16, Downloads (12 Months): 99, Citation Count: 25

Additional Information:

abstract references cited by index terms review collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/306686.306687 What is a DOI?

ABSTRACT

In this article, we present an authorization model that can be used to express a number of discretionary access control policies for relational data management systems. The model permits both positive and negative authorizations and supports exceptions at the same time. The model is flexible in that the users can specify, for each authorization they grant, whether the authorization can allow for exceptions or whether it must be strongly obeyed. It provides authorization management for groups with exceptions at any level of the group hierarchy, and temporary suspension of authorizations. The model supports ownership together with decentralized administration of authorizations. Administrative privileges can also be restricted so that owners retain control over their tables.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Martín Abadi , Michael Burrows , Butler Lampson , Gordon Plotkin, A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.15 n.4, p.706-734, Sept. 1993 [doi>10.1145/155183.155225]
	2	Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, A Temporal Access Control Mechanism for Database Systems, IEEE Transactions on Knowledge and Data Engineering, v.8 n.1, p.67-80, February 1996 [doi>10.1109/69.485637]
	3	BERTINO, E., JAJODIA, S., AND SAMARATI, P. 1996b. A flexible authorization mechanism for relational data management systems. Tech. Rep. Computer Science Department, Universit di Milano, Milan, Italy.
	4	Elisa Bertino , Sushi1 Jajodia , Pierangela Samarati, Supporting Multiple Access Control Policies in Database Systems, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.94, May 06-08, 1996
	5	Elisa Bertino , Pierangela Samarati , Sushil Jajodia, An Extended Authorization Model for Relational Databases, IEEE Transactions on Knowledge and Data Engineering, v.9 n.1, p.85-101, January 1997 [doi>10.1109/69.567051]
	6	BR GGEMANN, H. H. 1992. Rights in an object-oriented environment. In Database Security V, Status and Prospects, C. Landwehr and S. Jajodia, Eds. Elsevier North-Holland, Inc., New York, NY.
	7	Silvana Castano , Maria Grazia Fugini , Giancarlo Martella , Pierangela Samarati, Database security, ACM Press/Addison-Wesley Publishing Co., New York, NY, 1995
	8	Ronald Fagin, On an authorization mechanism, ACM Transactions on Database Systems (TODS), v.3 n.3, p.310-319, Sept. 1978 [doi>10.1145/320263.320288]
	9	GAGLIARDI, R., LAPIS, G., AND LINDSAY, B. 1989. A flexible and efficient database authorization facility. Tech. Rep. RJ 6826(65360). IBM Almaden Research Center.
	10	Nurith Gal-Oz , Ehud Gudes , Eduardo B. Fernández, A Model of Methods Access Authorization in Object-oriented Databases, Proceedings of the 19th International Conference on Very Large Data Bases, p.52-61, August 24-27, 1993
	11	Patricia P. Griffiths , Bradford W. Wade, An authorization mechanism for a relational database system, ACM Transactions on Database Systems (TODS), v.1 n.3, p.242-255, Sept. 1976 [doi>10.1145/320473.320482]
	12	INFORMIX. 1993. Informix-Online #Secure. Security Features User's Guide. Informix Software, Inc.
	13	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian, A Logical Language for Expressing Authorizations, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.31, May 04-07, 1997
	14	LORETTI, S. 1996. Flexauth system--User manual. Computer Science Department, Universit di Milano, Milan, Italy.
	15	LUNT, T. F. 1989. Access control policies for database systems. In Database Security II: Status and Prospects, C. E. Landwehr, Ed. North-Holland Publishing Co., Amsterdam, The Netherlands, 41-52.
	16	LUNT, T. F., DENNING, D. E., SCHELL, R. R., HECKMAN, M., AND SHOCKLY, W. R. 1989. Secure distributed data views. Tech. Rep. Computer Science Laboratory, SRI International, Menlo Park, CA. Volumes 1-4.
	17	MELTON, J. 1990. ISO/ANSI working draft--Database language sql2. Tech. Rep. ANSI X3H2-90-309. ANSI, New York, NY.
	18	Fausto Rabitti , Elisa Bertino , Won Kim , Darrell Woelk, A model of authorization for next-generation database systems, ACM Transactions on Database Systems (TODS), v.16 n.1, p.88-131, March 1991 [doi>10.1145/103140.103144]
	19	M. Satyanarayanan, Integrating security in a large distributed system, ACM Transactions on Computer Systems (TOCS), v.7 n.3, p.247-280, Aug. 1989 [doi>10.1145/65000.65002]
	20	SELINGER, P. G. 1990. Authorizations and views. In Distributed Data Bases, I. W. Draffan and F. Pooe, Eds. Cambridge University Press, New York, NY.
	21	HongHai Shen , Prasun Dewan, Access control for collaborative environments, Proceedings of the 1992 ACM conference on Computer-supported cooperative work, p.51-58, November 01-04, 1992, Toronto, Ontario, Canada [doi>10.1145/143457.143461]

CITED BY 25

	Piero Bonatti , Sabrina De Capitani di Vimercati , Pierangela Samarati, An algebra for composing access control policies, ACM Transactions on Information and System Security (TISSEC), v.5 n.1, p.1-35, February 2002
	Horst F. Wedde , Mario Lischka, Modular authorization, Proceedings of the sixth ACM symposium on Access control models and technologies, p.97-105, May 2001, Chantilly, Virginia, United States
	Piero Bonatti , Sabrina de Capitani di Vimercati , Pierangela Samarati, A modular approach to composing access control policies, Proceedings of the 7th ACM conference on Computer and communications security, p.164-173, November 01-04, 2000, Athens, Greece
	Duminda Wijesekera , Sushil Jajodia, Policy algebras for access control the predicate case, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA
	Sang-Won Lee , Yong-Han Kim , Hyoung-Joo Kim, The semantics of an extended referential integrity for a multilevel secure relational data model, Data & Knowledge Engineering, v.48 n.1, p.129-152, January 2004
	Sushil Jajodia , Pierangela Samarati , Maria Luisa Sapino , V. S. Subrahmanian, Flexible support for multiple access control policies, ACM Transactions on Database Systems (TODS), v.26 n.2, p.214-260, June 2001
	Elisa Bertino , Jianping Fan , Elena Ferrari , Mohand-Said Hacid , Ahmed K. Elmagarmid , Xingquan Zhu, A hierarchical access control model for video database systems, ACM Transactions on Information Systems (TOIS), v.21 n.2, p.155-191, April 2003
	Radu Sion, Query execution assurance for outsourced databases, Proceedings of the 31st international conference on Very large data bases, August 30-September 02, 2005, Trondheim, Norway
	Arnon Rosenthal , Edward Sciore, Administering permissions for distributed data: factoring and automated inference, Proceedings of the fifteenth annual working conference on Database and application security, p.91-104, July 15-18, 2001, Niagara, Ontario, Canada
	Radu Sion , Mikhail Atallah , Sunil Prabhakar, Rights protection for relational data, Proceedings of the 2003 ACM SIGMOD international conference on Management of data, June 09-12, 2003, San Diego, California
	Clemens Kerer , Engin Kirda , Roman Kurmanowytsch, A Generic Content-Management Tool for Web Databases, IEEE Internet Computing, v.6 n.4, p.38-42, July 2002
	Duminda Wijesekera , Sushil Jajodia, A propositional policy algebra for access control, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.286-325, May 2003
	Radu Sion , Mikhail Atallah , Sunil Prabhakar, Rights Protection for Relational Data, IEEE Transactions on Knowledge and Data Engineering, v.16 n.12, p.1509-1525, December 2004
	Joachim Biskup , Sandra Wortmann, Towards a credential-based implementation of compound access control policies, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	N. R. Adam , V. Atluri , E. Bertino , E. Ferrari, A Content-Based Authorization Model for Digital Libraries, IEEE Transactions on Knowledge and Data Engineering, v.14 n.2, p.296-315, March 2002
	Radu Sion , Mikhail Atallah , Sunil Prabhakar, Rights Protection for Categorical Data, IEEE Transactions on Knowledge and Data Engineering, v.17 n.7, p.912-926, July 2005
	Ashwin Machanavajjhala , Johannes Gehrke, On the efficiency of checking perfect privacy, Proceedings of the twenty-fifth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 26-28, 2006, Chicago, IL, USA
	Eduardo Fernández-Medina , Juan Trujillo , Rodolfo Villarroel , Mario Piattini, Access control and audit model for the multidimensional modeling of data warehouses, Decision Support Systems, v.42 n.3, p.1270-1289, December 2006
	Gail-Joon Ahn , Badrinath Mohan , Seng-Phil Hong, Towards secure information sharing using role-based delegation, Journal of Network and Computer Applications, v.30 n.1, p.42-59, January 2007
	Eldon Y. Li , Timon C. Du , Jacqueline W. Wong, Access control in collaborative commerce, Decision Support Systems, v.43 n.2, p.675-685, March, 2007
	R. Braumandl , M. Keidl , A. Kemper , D. Kossmann , A. Kreutz , S. Seltzsam , K. Stocker, ObjectGlobe: Ubiquitous query processing on the Internet, The VLDB Journal — The International Journal on Very Large Data Bases, v.10 n.1, p.48-71, August 2001
	Maria Luisa Damiani , Elisa Bertino , Claudio Silvestri, Spatial Domains for the Administration of Location-based Access Control Policies, Journal of Network and Systems Management, v.16 n.3, p.277-302, September 2008
	H. A. Ali, A new approach for building secure applications based on internet infrastructure, International Journal of Computer Applications in Technology, v.24 n.3, p.144-155, July 2005
	Sylvia Encheva , Sharil Tumin, Preventing conflict situations during authorization, WSEAS Transactions on Computers, v.7 n.4, p.265-272, April 2008
	Elisa Bertino , Bhavani Thuraisingham , Michael Gertz , Maria Luisa Damiani, Security and privacy for geospatial data: concepts and research directions, Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS, November 04-04, 2008, Irvine, California

INDEX TERMS

Primary Classification:
D. Software
D.4 OPERATING SYSTEMS
D.4.6 Security and Protection
Subjects: Access controls

Additional Classification:
H. Information Systems
H.2 DATABASE MANAGEMENT
H.2.7 Database Administration
Subjects: Security, integrity, and protection

General Terms:
Security, Theory

Keywords:
access control mechanism, access control policy, authorization, data management system, group management support, relational database

REVIEW

"Eduardo B. Fernandez : Reviewer"

While relational databases are in widespread use and probably will be for a while, most of the work on their theoretical aspects, including security, was done in the 1970s. In other words, relational databases are no longer in the forefront of more...

Collaborative Colleagues:

Elisa Bertino: colleagues

Sushil Jajodia: colleagues

Pierangela Samarati: colleagues

Adobe Acrobat

QuickTime

Windows Media Player

Real Player