ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
An authorization mechanism for a relational database system
Full text PdfPdf (1.11 MB)
Source ACM Transactions on Database Systems (TODS) archive
Volume 1 ,  Issue 3  (September 1976) table of contents
Pages: 242 - 255  
Year of Publication: 1976
ISSN:0362-5915
Authors
Patricia P. Griffiths  IBM Research Lab., San Jose, CA
Bradford W. Wade  IBM Research Lab., San Jose, CA
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 29,   Downloads (12 Months): 168,   Citation Count: 80
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/320473.320482
What is a DOI?

ABSTRACT

A multiuser database system must selectively permit users to share data, while retaining the ability to restrict data access. There must be a mechanism to provide protection and security, permitting information to be accessed only by properly authorized users. Further, when tables or restricted views of tables are created and destroyed dynamically, the granting, authentication, and revocation of authorization to use them must also be dynamic. Each of these issues and their solutions in the context of the relational database management system System R are discussed. When a database user creates a table, he is fully and solely authorized to perform upon it actions such as read, insert, update, and delete. He may explicitly grant to any other user any or all of his privileges on the table. In addition he may specify that that user is authorized to further grant these privileges to still other users. The result is a directed graph of granted privileges originating from the table creator. At some later time a user A may revoke some or all of the privileges which he previously granted to another user B. This action usually revokes the entire subgraph of the grants originating from A's grant to B. It may be, however, that B will still possess the revoked privileges by means of a grant from another user C, and therefore some or all of B's grants should not be revoked. This problem is discussed in detail, and an algorithm for detecting exactly which of B's grants should be revoked is presented.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
M. M. Astrahan , M. W. Blasgen , D. D. Chamberlin , K. P. Eswaran , J. N. Gray , P. P. Griffiths , W. F. King , R. A. Lorie , P. R. McJones , J. W. Mehl , G. R. Putzolu , I. L. Traiger , B. W. Wade , V. Watson, System R: relational approach to database management, ACM Transactions on Database Systems (TODS), v.1 n.2, p.97-137, June 1976  [doi>10.1145/320455.320457]
 
2
BOYCE, R.F., AND CHAMBERLIN, D.D. Using a structured English query language as a data definition facility. Res. Rep. RJ1318, IBM Research Laboratory, San jose, Calif., Dec. 10, 1973.
3
Donald D. Chamberlin , Raymond F. Boyce, SEQUEL: A structured English query language, Proceedings of the 1974 ACM SIGFIDET (now SIGMOD) workshop on Data description, access and control, p.249-264, May 01-03, 1974, Ann Arbor, Michigan  [doi>10.1145/800296.811515]
 
4
CHAMBERLIN, D.D., GrtAv, J.N., AND TRAIGER, I.L. Views, authorization, and locking in a relational data base system. Proc. AFIPS 1975 NCC, Vol. 44, AFIPS Press, Montvale, N.J., pp. 425-430.
5
E. F. Codd, A relational model of data for large shared data banks, Communications of the ACM, v.13 n.6, p.377-387, June 1970  [doi>10.1145/362384.362685]
 
6
CODD, E.F. A data base sublanguage founded on the relational calculus. Proc. 1971 ACM- SIGFIDET Workshop on Data Description, Access, and Control, San Diego, Calif., Nov. 11-12, 1971, pp. 35-68.
 
7
Corn), E.F. Further normalization of the data base relational model, in Courant Computer Science Symposium, Vol. 6: Data Base Systems, R. Rustin, Ed., Prentice-Hall, Englewood Cliffs, N.J., 1971, pp. 33-64.
 
8
CODD, E.F. Relational completeness of data base sublanguages. In Courant Computer Science Symposium, Vol. 6: Data Base Systems, R. Rustin, Ed., Prentice-Hall, Englewood Cliffs, N.J., 1971, pp. 65-98.
 
9
CODD, E.F. Recent investigations in relational data base systems. Proc. IFIP Congr. 1974, North-Holland Pub. Co., Amsterdam, pp. 1017-1021.
 
10
C. J. Date, An introduction to database systems: vol. I (4th ed.), Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1986
 
11
GRAHAM, G.S., AND DENNING, P.J. Protection--principles and practice. Proc. AFIPS 1972 SJCC, Vol. 40, AFIPS Press, Montvale, N.J., pp. 417-429.
 
12
Anita Katherine Jones, Protection in programmed systems., 1973
 
13
LAMPSON, B.W. Protection. Proc. Fifth Annual Princeton Conf., Princeton U., Princeton, N.J., March 1971, pp. 437-443.
 
14
MINSKY, N. Protection of data-bases and the process of user data-base interaction. Tech. Rep. SOSAP-TR-11, Rutgers U., New Brunswick, N.J., Sept. 1974.
 
15
R. C. Owens, PRIMARY ACCESS CONTROL IN LARGE-SCALE TIME-SHARED DECISION SYSTEMS, Massachusetts Institute of Technology, Cambridge, MA, 1971
 
16
REDELL, D.D. Naming and protection in extendible operating systems. Ph.D. th., U. of California, Berkeley, Calif., Sept. 1974.
 
17
STONEBRAKER, M.R., hnD WONG, E. Access control in a relational data base management system by query modification. Memo No. ERL-M438, Electronics Research Lab., U. of California, Berkeley, Calif., May 1974.
 
18
SUMMERS, R.C., COLEMAN, C.D., AND FERNANDEZ, E.B. A programming language approach to secure data base access. Tech. Rep. G320-2662, IBM Los Angeles Scientific Center, May 1974.

CITED BY  80
Elisa Bertino , Pierangela Samarati , Sushil Jajodia, An Extended Authorization Model for Relational Databases, IEEE Transactions on Knowledge and Data Engineering, v.9 n.1, p.85-101, January 1997
Anthony Klug , Rod Price, Determining View dependencies using tableaux, ACM Transactions on Database Systems (TODS), v.7 n.3, p.361-380, Sept. 1982
Elisa Bertino , Pierangela Samarati , Sushil Jajodia, Authorizations in relational database management systems, Proceedings of the 1st ACM conference on Computer and communications security, p.130-139, November 03-05, 1993, Fairfax, Virginia, United States
Thorsten Hampel , Reinhard Keil-Slawik, sTeam - Designing an integrative infrastructure for Web-based computer-supported cooperative learning, Proceedings of the 10th international conference on World Wide Web, p.76-85, May 01-05, 2001, Hong Kong, Hong Kong
Dorothy E. Denning , Peter J. Denning, Data Security, ACM Computing Surveys (CSUR), v.11 n.3, p.227-249, Sept. 1979
P. Selinger, Chickens and eggs—the interrelationship of systems and theory, Proceedings of the sixth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, p.250-253, March 23-25, 1987, San Diego, California, United States
Michael Stonebraker, Retrospection on a database system, ACM Transactions on Database Systems (TODS), v.5 n.2, p.225-240, June 1980
Elisa Bertino , Sushil Jajodia , Pierangela Samarati, A non-timestamped authorization model for data management systems, Proceedings of the 3rd ACM conference on Computer and communications security, p.169-178, March 14-15, 1996, New Delhi, India
Randy H. Katz, A database approach for managing VLSI design data, Proceedings of the 19th conference on Design automation, p.274-282, January 1982
Won Kim, Relational Database Systemsr, ACM Computing Surveys (CSUR), v.11 n.3, p.187-211, Sept. 1979
Jonathan D. Moffett , Emil C. Lupu, The uses of role hierarchies in access control, Proceedings of the fourth ACM workshop on Role-based access control, p.153-160, October 28-29, 1999, Fairfax, Virginia, United States
Fausto Rabitti , Elisa Bertino , Won Kim , Darrell Woelk, A model of authorization for next-generation database systems, ACM Transactions on Database Systems (TODS), v.16 n.1, p.88-131, March 1991
Jonathan E. Shopiro, Theseus—a programming language for relational databeses, ACM Transactions on Database Systems (TODS), v.4 n.4, p.493-517, Dec. 1979
Mark R. Brown , Roderic G. G. Cattell , Norihisa Suzuki, The cedar DBMS: a preliminary report, Proceedings of the 1981 ACM SIGMOD international conference on Management of data, April 29-May 01, 1981, Ann Arbor, Michigan
Donald D. Chamberlin , Morton M. Astrahan , Michael W. Blasgen , James N. Gray , W. Frank King , Bruce G. Lindsay , Raymond Lorie , James W. Mehl , Thomas G. Price , Franco Putzolu , Patricia Griffiths Selinger , Mario Schkolnick , Donald R. Slutz , Irving L. Traiger , Bradford W. Wade , Robert A. Yost, A history and evaluation of System R, Communications of the ACM, v.24 n.10, p.632-646, Oct. 1981
Naftaly H. Minsky , Abe D. Lockman, Ensuring integrity by adding obligations to privileges, Proceedings of the 8th international conference on Software engineering, p.92-102, August 28-30, 1985, London, England
Elisa Bertino , Pierangela Samarati , Sushil Jajodia, High assurance discretionary access control for object bases, Proceedings of the 1st ACM conference on Computer and communications security, p.140-150, November 03-05, 1993, Fairfax, Virginia, United States
Sushil Jajodia , Ravi Sandhu, Toward a multilevel secure relational data model, ACM SIGMOD Record, v.20 n.2, p.50-59, June 1991
Amit P. Sheth , James A. Larson, Federated database systems for managing distributed, heterogeneous, and autonomous databases, ACM Computing Surveys (CSUR), v.22 n.3, p.183-236, Sept. 1990
Matthias Jarke , Jurgen Koch, Query Optimization in Database Systems, ACM Computing Surveys (CSUR), v.16 n.2, p.111-152, June 1984
Naftaly H. Minsky, Selective and locally controlled transport of privileges, ACM Transactions on Programming Languages and Systems (TOPLAS), v.6 n.4, p.573-602, Oct. 1984
L. M. Haas , J. C. Freytag , G. M. Lohman , H. Pirahesh, Extensible query processing in starburst, ACM SIGMOD Record, v.18 n.2, p.377-388, June 1989
sTeam: structuring information in team-distributed knowledge management in cooperative learning environments, Journal on Educational Resources in Computing (JERIC), v.1 n.2es, Summer 2001
Pierangela Samarati , Paul Ammann , Sushil Jajodia, Propagation of authorizations in distributed database systems, Proceedings of the 2nd ACM Conference on Computer and communications security, p.136-147, November 1994, Fairfax, Virginia, United States
Gerald Brose, Manageable access control for CORBA, Journal of Computer Security, v.10 n.4, p.301-337, December 2002
H. M. Gladney, Access control for large collections, ACM Transactions on Information Systems (TOIS), v.15 n.2, p.154-194, April 1997
Elisa Bertino , Claudio Bettini , Pierangela Samarati, A temporal authorization model, Proceedings of the 2nd ACM Conference on Computer and communications security, p.126-135, November 1994, Fairfax, Virginia, United States
Elisa Bertino , Sushil Jajodia , Pierangela Samarati, A flexible authorization mechanism for relational data management systems, ACM Transactions on Information Systems (TOIS), v.17 n.2, p.101-140, April 1999
Gary H. Sockut , Robert P. Goldberg, Database Reorganization—Principles and Practice, ACM Computing Surveys (CSUR), v.11 n.4, p.371-395, Dec. 1979
Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, ACM SIGMOD Record, v.26 n.2, p.474-485, June 1997
Kyu-Young Whang , Art Ammann , Anthony Bolmarcich , Maria Hanrahan , Guy Hochgesang , Kuan-Tsae Huang , Al Khorasani , Ravi Krishnamurthy , Gary Sockut , Paula Sweeney , Vance Waddle , Moshé Zloof, Office-by-example: an integrated office system and database manager, ACM Transactions on Information Systems (TOIS), v.5 n.4, p.393-427, Oct. 1987
Irene Greif , Sunil Sarin, Data sharing in group work, ACM Transactions on Information Systems (TOIS), v.5 n.2, p.187-211, April 1987
E. F. Codd, Relational database: a practical foundation for productivity, Communications of the ACM, v.25 n.2, p.109-117, Feb 1982
Ronald Fagin, On an authorization mechanism, ACM Transactions on Database Systems (TODS), v.3 n.3, p.310-319, Sept. 1978
C. T. Yu , F. Y. Chin, A study on the protection of statistical data bases, Proceedings of the 1977 ACM SIGMOD international conference on Management of data, August 03-05, 1977, Toronto, Ontario, Canada
Peng Liu , Xu Hao, Efficient damage assessment and repair in resilient distributed database systems, Proceedings of the fifteenth annual working conference on Database and application security, p.75-89, July 15-18, 2001, Niagara, Ontario, Canada
Mingfei Jiang , Ada Wai-Chee Fu, Integration and Efficient Lookup of Compressed XML Accessibility Maps, IEEE Transactions on Knowledge and Data Engineering, v.17 n.7, p.939-953, July 2005
E. B. Fernandez , E. Gudes , H. Song, A Model for Evaluation and Administration of Security in Object-Oriented Databases, IEEE Transactions on Knowledge and Data Engineering, v.6 n.2, p.275-292, April 1994
Paul Ammann , Sushil Jajodia , Peng Liu, Recovery from Malicious Transactions, IEEE Transactions on Knowledge and Data Engineering, v.14 n.5, p.1167-1185, September 2002
Prasun Dewan , HongHai Shen, Flexible meta access-control for collaborative applications, Proceedings of the 1998 ACM conference on Computer supported cooperative work, p.247-256, November 14-18, 1998, Seattle, Washington, United States
Ting Yu , Divesh Srivastava , Laks V. S. Lakshmanan , H. V. Jagadish, A compressed accessibility map for XML, ACM Transactions on Database Systems (TODS), v.29 n.2, p.363-402, June 2004
Pramote Luenam , Peng Liu, ODAR: an on-the-fly damage assessment and repair system for commercial database applications, Proceedings of the fifteenth annual working conference on Database and application security, p.239-252, July 15-18, 2001, Niagara, Ontario, Canada
Elisa Bertino , Ravi Sandhu, Database Security-Concepts, Approaches, and Challenges, IEEE Transactions on Dependable and Secure Computing, v.2 n.1, p.2-19, January 2005
Sang-Won Lee , Yong-Han Kim , Hyoung-Joo Kim, The semantics of an extended referential integrity for a multilevel secure relational data model, Data & Knowledge Engineering, v.48 n.1, p.129-152, January 2004
Jacques Wainer , Akhil Kumar, A fine-grained, controllable, user-to-user delegation method in RBAC, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
T. F. Lunt , D. E. Denning , R. R. Schell , M. Heckman , W. R. Shockley, The SeaView Security Model, IEEE Transactions on Software Engineering, v.16 n.6, p.593-607, June 1990
David L. Spooner, Specification of content-dependent security policies, Proceedings of the 1983 annual conference on Computers : Extending the human resource, p.141-145, January 1983
Peng Liu , Hai Wang , Lunquan Li, Real-time data attack isolation for commercial database applications, Journal of Network and Computer Applications, v.29 n.4, p.294-320, November 2006
Teresa F. Lunt , Eduardo B. Fernandez, Database security, ACM SIGMOD Record, v.19 n.4, p.90-97, Dec. 1990
Ulf Mattsson, A real-time intrusion prevention system for commercial enterprise databases, Proceedings of the 4th WSEAS International Conference on Software Engineering, Parallel & Distributed Systems, p.1-35, February 13-15, 2005, Salzburg, Austria
Ulf Mattsson, A real-time intrusion prevention system for commercial enterprise databases and file systems, Proceedings of the 4th WSEAS International Conference on Artificial Intelligence, Knowledge Engineering Data Bases, p.1-10, February 13-15, 2005, Salzburg, Austria
Ashwin Machanavajjhala , Johannes Gehrke, On the efficiency of checking perfect privacy, Proceedings of the twenty-fifth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 26-28, 2006, Chicago, IL, USA
Keith Irwin , Ting Yu , William H. Winsborough, On the modeling and analysis of obligations, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
He Wang , Sylvia L. Osborn, Delegation in the role graph model, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
Stefan Büttcher , Charles L. A. Clarke, A security model for full-text file system search in multi-user environments, Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies, p.13-13, December 13-16, 2005, San Francisco, CA
H. Rex Hartson , David K. Hsiao, A semantic model for data base protection languages, Proceedings of the second international conference on Systems for Large Data Bases, p.27-42, September 08-10, 1976, Brussels, Belgium, North Holland
Daniel J. Rosenkrantz , Harry B. Hunt III, Processing conjunctive predicates and queries, Proceedings of the sixth international conference on Very Large Data Bases, p.64-72, October 01-03, 1980, Montreal, Quebec, Canada
David K. Hsiao , Douglas S. Kerr , Stuart E. Madnick, Privacy and security of data communications and data bases, Proceedings of the fourth international conference on Very Large Data Bases, p.55-67, September 13-15, 1978, West Berlin, Germany
Donald D. Chamberlin , A. M. Gilbert , Robert A. Yost, A history of system R and SQL/data system, Proceedings of the seventh international conference on Very Large Data Bases, p.456-464, September 09-11, 1981, Cannes, France
U. Bussolati , Giancarlo Martella, A database approach to modelling and managing security information, Proceedings of the seventh international conference on Very Large Data Bases, p.532-542, September 09-11, 1981, Cannes, France
Naftaly H. Minsky, Synergistic authorization in database systems, Proceedings of the seventh international conference on Very Large Data Bases, p.543-552, September 09-11, 1981, Cannes, France
Rudolf Munz , H.-J. Schneider , Frank Steyer, Application of sub-predicate tests in database systems, Proceedings of the fifth international conference on Very Large Data Bases, p.426-435, October 03-05, 1979, Rio de Janeiro, Brazil
Christopher Wood , Eduardo B. Fernández, Decentralized authorization in a database system, Proceedings of the fifth international conference on Very Large Data Bases, p.352-359, October 03-05, 1979, Rio de Janeiro, Brazil
Ting Yu , Divesh Srivastava , Laks V. S. Lakshmanan , H. V. Jagadish, Compressed accessibility map: efficient access control for XML, Proceedings of the 28th international conference on Very Large Data Bases, p.478-489, August 20-23, 2002, Hong Kong, China
Deborah Downs , Gerald J. Popek, A Kernel design for a secure data base management system, Proceedings of the third international conference on Very large data bases, p.507-514, October 06-08, 1977, Tokyo, Japan
Alex Roichman , Ehud Gudes, Fine-grained access control to web databases, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
François Bancilhon , Nicolas Spyratos, Protection of information in relational data bases, Proceedings of the third international conference on Very large data bases, p.494-500, October 06-08, 1977, Tokyo, Japan
Rafae Bhatti , Dengfeng Gao , Wen-Syan Li, Enabling policy-based access control in BI applications, Data & Knowledge Engineering, v.66 n.2, p.199-222, August, 2008
Richard Snodgrass, Reminiscences in influential papers, ACM SIGMOD Record, v.27 n.1, p.54-57, March 1998
I. A. Chen , D. McLeod, Derived data update in semantic databases, Proceedings of the 15th international conference on Very large data bases, p.225-235, July 1989, Amsterdam, The Netherlands
Dirk Jonscher , Klaus R. Dittrich, An Approach for Building Secure Database Federations, Proceedings of the 20th International Conference on Very Large Data Bases, p.24-35, September 12-15, 1994
Kenneth R. Abbott , Dennis R. McCarthy, Administration and Autonomy in a Replication-Transparent Distributed DBMS, Proceedings of the 14th International Conference on Very Large Data Bases, p.195-205, August 29-September 01, 1988
David L. Spooner , Arthur M. Keller , Gio Wiederhold , John Salasin , Deborah Heystek, Framework for the Security Component of an Ada DBMS, Proceedings of the 12th International Conference on Very Large Data Bases, p.347-354, August 25-28, 1986
Joseph Y. Halpern , Vicky Weissman, Using First-Order Logic to Reason about Policies, ACM Transactions on Information and System Security (TISSEC), v.11 n.4, p.1-41, July 2008
Maria Luisa Damiani , Elisa Bertino , Claudio Silvestri, Spatial Domains for the Administration of Location-based Access Control Policies, Journal of Network and Systems Management, v.16 n.3, p.277-302, September 2008
Jodie P. Boyer , Ragib Hasan , Lars E. Olson , Nikita Borisov , Carl A. Gunter , David Raila, Improving multi-tier security using redundant authentication, Proceedings of the 2007 ACM workshop on Computer security architecture, November 02-02, 2007, Fairfax, Virginia, USA
E. F. Codd, Relational database: a practical foundation for productivity, ACM Turing award lectures, ACM, New York, NY, 2007
Ulf T. Mattsson, A real-time intrusion prevention system for commercial enterprise databases and file systems, Proceedings of the 10th WSEAS International Conference on Mathematical Methods and Computational Techniques in Electrical Engineering, p.236-244, May 02-04, 2008, Sofia, Bulgaria
Lars E. Olson , Carl A. Gunter , P. Madhusudan, A formal framework for reflective database access control policies, Proceedings of the 15th ACM conference on Computer and communications security, October 27-31, 2008, Alexandria, Virginia, USA
Fred Maryanski, Data-server design issues, Proceedings of the June 7-10, 1982, national computer conference, June 07-10, 1982, Houston, Texas

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.4 Systems
          Subjects: Relational databases

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.0 General
          Subjects: Security, integrity, and protection**


General Terms:
Design, Security


Keywords:
access control, authorization, data dependent authorization, database systems, privacy, protection in databases, revocation of authorization, security

Collaborative Colleagues:
Patricia P. Griffiths: colleagues
Bradford W. Wade: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player