On an authorization mechanism

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

On an authorization mechanism

Full text

Pdf (790 KB)

Source

ACM Transactions on Database Systems (TODS) archive
Volume 3 , Issue 3 (September 1978) table of contents

Pages: 310 - 319

Year of Publication: 1978

ISSN:0362-5915

Author

Ronald Fagin

IBM Research Lab, San Jose, CA

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 10, Downloads (12 Months): 74, Citation Count: 23

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/320263.320288 What is a DOI?

ABSTRACT

Griffiths and Wade (ACM Trans. Database Syst. 1,3, (Sept. 1976), 242-255) have defined a dynamic authorization mechanism that goes beyond the traditional password approach. A database user can grant or revoke privileges (such as to read, insert, or delete) on a file that he has created. Furthermore, he can authorize others to grant these same privileges. The database management system keeps track of a directed graph, emanating from the creator, of granted privileges. The nodes of the graph correspond to users, and the edges (each of which is labeled with a timestamp) correspond to grants. The edges are of two types, corresponding to whether or not the recipient of the grant has been given the option to make further grants of this privilege. Furthermore, for each pair A, B of nodes, there can be no more than one edge of each type from A to B. We modify this approach by allowing graphs in which there can be multiple edges of each type from one node to another. We prove correctness (in a certain strong sense) for our modified authorization mechanism. Further, we show by example that under the original mechanism, the system might forbid some user from exercising or granting a privilege that he “should” be allowed to exercise or grant.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Patricia P. Griffiths , Bradford W. Wade, An authorization mechanism for a relational database system, ACM Transactions on Database Systems (TODS), v.1 n.3, p.242-255, Sept. 1976 [doi>10.1145/320473.320482]
	2	Michael A. Harrison , Walter L. Ruzzo , Jeffrey D. Ullman, Protection in operating systems, Communications of the ACM, v.19 n.8, p.461-471, Aug. 1976 [doi>10.1145/360303.360333]
	3	R. J. Lipton , L. Snyder, A Linear Time Algorithm for Deciding Subject Security, Journal of the ACM (JACM), v.24 n.3, p.455-464, July 1977 [doi>10.1145/322017.322025]
	4	TAYLOR, A. Another security approach steps beyond passwords. Computerworld 10, 49, Dec. 6, 1976, p. 13.
	5	~oYsEY, H. San Jose: Home of System R. Computing Europe, Oct. 28, 1976, p. 8.

CITED BY 23

	Elisa Bertino , Sushil Jajodia , Pierangela Samarati, A flexible authorization mechanism for relational data management systems, ACM Transactions on Information Systems (TOIS), v.17 n.2, p.101-140, April 1999
	Elisa Bertino , Pierangela Samarati , Sushil Jajodia, An Extended Authorization Model for Relational Databases, IEEE Transactions on Knowledge and Data Engineering, v.9 n.1, p.85-101, January 1997
	Elisa Bertino , Pierangela Samarati , Sushil Jajodia, Authorizations in relational database management systems, Proceedings of the 1st ACM conference on Computer and communications security, p.130-139, November 03-05, 1993, Fairfax, Virginia, United States
	Dorothy E. Denning , Peter J. Denning, Data Security, ACM Computing Surveys (CSUR), v.11 n.3, p.227-249, Sept. 1979
	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, ACM SIGMOD Record, v.26 n.2, p.474-485, June 1997
	Won Kim, Relational Database Systemsr, ACM Computing Surveys (CSUR), v.11 n.3, p.187-211, Sept. 1979
	P. Selinger, Chickens and eggs—the interrelationship of systems and theory, Proceedings of the sixth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, p.250-253, March 23-25, 1987, San Diego, California, United States
	Donald D. Chamberlin , Morton M. Astrahan , Michael W. Blasgen , James N. Gray , W. Frank King , Bruce G. Lindsay , Raymond Lorie , James W. Mehl , Thomas G. Price , Franco Putzolu , Patricia Griffiths Selinger , Mario Schkolnick , Donald R. Slutz , Irving L. Traiger , Bradford W. Wade , Robert A. Yost, A history and evaluation of System R, Communications of the ACM, v.24 n.10, p.632-646, Oct. 1981
	Amit P. Sheth , James A. Larson, Federated database systems for managing distributed, heterogeneous, and autonomous databases, ACM Computing Surveys (CSUR), v.22 n.3, p.183-236, Sept. 1990
	Pierangela Samarati , Paul Ammann , Sushil Jajodia, Propagation of authorizations in distributed database systems, Proceedings of the 2nd ACM Conference on Computer and communications security, p.136-147, November 1994, Fairfax, Virginia, United States
	Gerald Brose, Manageable access control for CORBA, Journal of Computer Security, v.10 n.4, p.301-337, December 2002
	Mingfei Jiang , Ada Wai-Chee Fu, Integration and Efficient Lookup of Compressed XML Accessibility Maps, IEEE Transactions on Knowledge and Data Engineering, v.17 n.7, p.939-953, July 2005
	H. M. Gladney, Access control for large collections, ACM Transactions on Information Systems (TOIS), v.15 n.2, p.154-194, April 1997
	Ivo Majetic , Ernst L. Leiss, Authorization and Revocation in Object-Oriented Databases, IEEE Transactions on Knowledge and Data Engineering, v.9 n.4, p.668-672, July 1997
	Ting Yu , Divesh Srivastava , Laks V. S. Lakshmanan , H. V. Jagadish, A compressed accessibility map for XML, ACM Transactions on Database Systems (TODS), v.29 n.2, p.363-402, June 2004
	Elisa Bertino , Ravi Sandhu, Database Security-Concepts, Approaches, and Challenges, IEEE Transactions on Dependable and Secure Computing, v.2 n.1, p.2-19, January 2005
	Sang-Won Lee , Yong-Han Kim , Hyoung-Joo Kim, The semantics of an extended referential integrity for a multilevel secure relational data model, Data & Knowledge Engineering, v.48 n.1, p.129-152, January 2004
	Jacques Wainer , Akhil Kumar, A fine-grained, controllable, user-to-user delegation method in RBAC, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	Stefan Büttcher , Charles L. A. Clarke, A security model for full-text file system search in multi-user environments, Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies, p.13-13, December 13-16, 2005, San Francisco, CA
	Donald D. Chamberlin , A. M. Gilbert , Robert A. Yost, A history of system R and SQL/data system, Proceedings of the seventh international conference on Very Large Data Bases, p.456-464, September 09-11, 1981, Cannes, France
	Ting Yu , Divesh Srivastava , Laks V. S. Lakshmanan , H. V. Jagadish, Compressed accessibility map: efficient access control for XML, Proceedings of the 28th international conference on Very Large Data Bases, p.478-489, August 20-23, 2002, Hong Kong, China
	Dirk Jonscher , Klaus R. Dittrich, An Approach for Building Secure Database Federations, Proceedings of the 20th International Conference on Very Large Data Bases, p.24-35, September 12-15, 1994
	Hua Wang , Jinli Cao , Yanchun Zhang, Delegating revocations and authorizations in collaborative business environments, Information Systems Frontiers, v.11 n.3, p.293-305, July 2009