ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
An authorization model for temporal and derived data: securing information portals
Full text PdfPdf (407 KB)
Source ACM Transactions on Information and System Security (TISSEC) archive
Volume 5 ,  Issue 1  (February 2002) table of contents
Pages: 62 - 94  
Year of Publication: 2002
ISSN:1094-9224
Authors
Vijayalakshmi Atluri  Rutgers University, Newark, NJ
Avigdor Gal  Rutgers University, Newark, NJ
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 111,   Citation Count: 11
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/504909.504912
What is a DOI?

ABSTRACT

The term information portals refers to Web sites that serve as main providers of focused information, gathered from distributed data sources. Gathering and disseminating information through information portals introduce new security challenges. In particular, the authorization specifications, as well as the granting process, are temporal by nature. Also, more often than not, the information provided by the portal is in fact derived from more than one backend data source. Therefore, any authorization model for information portals should support access control based on temporal characteristics of the data, and also should provide tools to prevent indirect unauthorized access through the use of derived data. In this article we focus our attention on devising such an authorization model. The distinguishing features of this model include: (1) the specification of authorizations based on temporal characteristics of data, and (2) a formal framework to derive authorizations in a consistent and safe manner, based on relationships among data.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Vijayalakshmi Atluri , Wei-kuang Huang, An Authorization Model for Workflows, Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security, p.44-64, September 25-27, 1996
 
2
Vijayalakshmi Atluri , Wei-Kuang Huang, Enforcing mandatory and discretionary security in workflow management systems, Journal of Computer Security, v.5 n.4, p.303-339, Oct. 1997
3
Elisa Bertino , Claudio Bettini , Pierangela Samarati, A temporal authorization model, Proceedings of the 2nd ACM Conference on Computer and communications security, p.126-135, November 1994, Fairfax, Virginia, United States  [doi>10.1145/191177.191202]
4
Elisa Bertino , Elena Ferrari , Vijayalakshmi Atluri, A flexible model supporting the specification and enforcement of role-based authorization in workflow management systems, Proceedings of the second ACM workshop on Role-based access control, p.1-12, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266746]
5
Elisa Bertino , Pierangela Samarati , Sushil Jajodia, Authorizations in relational database management systems, Proceedings of the 1st ACM conference on Computer and communications security, p.130-139, November 03-05, 1993, Fairfax, Virginia, United States  [doi>10.1145/168588.168605]
6
Elisa Bertino , Pierangela Samarati , Sushil Jajodia, High assurance discretionary access control for object bases, Proceedings of the 1st ACM conference on Computer and communications security, p.140-150, November 03-05, 1993, Fairfax, Virginia, United States  [doi>10.1145/168588.168606]
 
7
Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, A Temporal Access Control Mechanism for Database Systems, IEEE Transactions on Knowledge and Data Engineering, v.8 n.1, p.67-80, February 1996  [doi>10.1109/69.485637]
8
Elisa Bertino , Claudio Bettini , Elena Ferrari , Pierangela Samarati, An access control model supporting periodicity constraints and temporal reasoning, ACM Transactions on Database Systems (TODS), v.23 n.3, p.231-285, Sept. 1998  [doi>10.1145/293910.293151]
 
9
BLAUSTEIN, B., MCCOLLUM, C., NOTARGIACOMO, L., SMITH, K., AND GRAUBART, R. 1995. Autonomy and confidentiality: Secure federated data management. In Proceedings of the Second International Workshop on Next Generation Information Technologies and Systems (NGITS '95) (Nahariya, Israel, June), 59-68.
 
10
CLARK, D. D. AND WILSON, D. R. 1987. A comparison of commercial and military computer security policies. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, Calif., April), 184-194.
11
James Clifford , Abdullah Uz Tansel, On an algebra for historical relational databases: two views, Proceedings of the 1985 ACM SIGMOD international conference on Management of data, p.247-265, May 1985, Austin, Texas, United States
 
12
Sabrina De Capitani di Vimercati , Pierangela Samarati, Authorization specification and enforcement in federated database systems, Journal of Computer Security, v.5 n.2, p.155-188, Jan. 1997
13
Opher Etzion, PARDES: a data-driven oriented active database model, ACM SIGMOD Record, v.22 n.1, p.7-14, March 1993  [doi>10.1145/156883.156884]
 
14
FERNANDEZ, E. B., GUDES, E., AND SONG, H. 1989. A security model for object-oriented databases. In Proceedings of the IEEE Symposium on Security and Privacy (May), 110-115.
15
Avigdor Gal, Semantic interoperability in information services: experiencing with CoopWARE, ACM SIGMOD Record, v.28 n.1, p.68-75, March 1999  [doi>10.1145/309844.310061]
16
Avigdor Gal , Vijayalakshmi Atluri, An authorization model for temporal data, Proceedings of the 7th ACM conference on Computer and communications security, p.144-153, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352621]
 
17
Avigdor Gal , Opher Etzion , Arie Segev, TALE: A Temporal Active Language and Execution Model, Proceedings of the 8th International Conference on Advances Information System Engineering, p.60-81, May 20-24, 1996
18
C. S. Jensen , J. Clifford , S. K. Gadia , A. Segev , Richard Thomas Snodgrass, A glossary of temporal database concepts, ACM SIGMOD Record, v.21 n.3, p.35-43, Sept. 1992  [doi>10.1145/140979.140996]
 
19
Dirk Jonscher , Klaus R. Dittrich, An Approach for Building Secure Database Federations, Proceedings of the 20th International Conference on Very Large Data Bases, p.24-35, September 12-15, 1994
20
Niki Pissinou , Richard Thomas Snodgrass , Ramez Elmasri , Inderpal S. Mumick , Tamer Özsu , Barbara Pernici , Arie Segev , Babis Theodoulidis , Umeshwar Dayal, Towards an infrastructure for temporal databases: report of an invitational ARPA/NSF workshop, ACM SIGMOD Record, v.23 n.1, p.35-51, March 1994  [doi>10.1145/181550.181557]
21
Fausto Rabitti , Elisa Bertino , Won Kim , Darrell Woelk, A model of authorization for next-generation database systems, ACM Transactions on Database Systems (TODS), v.16 n.1, p.88-131, March 1991  [doi>10.1145/103140.103144]
 
22
Arnon Rosenthal , Edward Sciore, Propagating Integrity Information among Interrelated Databases, Proceedings of the IFIP TC11 Working Group 11.5, Second Working Conference on Integrity and Internal Control in Information Systems: Bridging Business Requirements and Research Results, p.5-18, November 19-20, 1998
23
Arnon Rosenthal , Edward Sciore, First-class views: a key to user-centered computing, ACM SIGMOD Record, v.28 n.3, p.29-36, Sept. 1999  [doi>10.1145/333607.333611]
 
24
Arnon Rosenthal , Edward Sciore , Vinti Doshi, Security Administration for Federations, Warehouses, and other Derived Data, Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security: Research Advances in Database and Information Systems Security, p.209-223, July 26-28, 1999
25
Pierangela Samarati , Paul Ammann , Sushil Jajodia, Propagation of authorizations in distributed database systems, Proceedings of the 2nd ACM Conference on Computer and communications security, p.136-147, November 1994, Fairfax, Virginia, United States  [doi>10.1145/191177.191204]
 
26
Pierangela Samarati , Elisa Bertino , Sushil Jajodia, An Authorization Model for a Distributed Hypertext System, IEEE Transactions on Knowledge and Data Engineering, v.8 n.4, p.555-562, August 1996  [doi>10.1109/69.536249]
 
27
SANDHU, R. S. 1988. Transaction control expressions for separation of duties. In Proceedings of the Fourth Computer Security Applications Conference, 282-286.
 
28
SANDHU, R. S. 1991. Separation of duties in computerized information systems. In Database Security, IV: Status and Prospects, S. Jajodia and C. Landwehr, Eds., North Holland, Amsterdam, The Netherlands, 179-189.
 
29
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
30
Yoav Shoham, Reasoning about change: time and causation from the standpoint of artificial intelligence, MIT Press, Cambridge, MA, 1988
 
31
SPOONER, D. L. 1989. The impact of inheritance on security in object-oriented database systems. In Database Security, II: Status and Prospects, Carl E. Landwehr, Ed., North-Holland, Amsterdam, The Netherlands, 141-160.
 
32
TEMPLETON, M., LUND, E., AND WARD, P. 1987. Pragmatics of access control in Mermaid. Data Eng. 10, 3 (Sept.), 33-38. Special issue on federated database systems.
 
33
THOMAS, R. K. AND SANDHU, R. S. 1993. Discretionary access control in object-oriented databases. In Proceedings of the Sixteenth National Computer Security Conference (Baltimore, Md., Sept.), 63-74.
 
34
WANG, C. AND SPOONER, D. 1987. Access control in a heterogeneous distributed database management system. In Proceedings of the IEEE Sixth Symposium on Reliability in Distributed Software and Database Systems (Williamsburg, Va., March), 84-92.
 
35
Authorization in Distributed Systems: A Formal Approach, Proceedings of the 1992 IEEE Symposium on Security and Privacy, p.33, May 04-06, 1992
36
Thomas Y. C. Woo , Simon S. Lam, A framework for distributed authorization, Proceedings of the 1st ACM conference on Computer and communications security, p.112-118, November 03-05, 1993, Fairfax, Virginia, United States  [doi>10.1145/168588.168603]

CITED BY  11
Mark Strembeck , Gustaf Neumann, An integrated approach to engineer and enforce context constraints in RBAC environments, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.392-427, August 2004
Li Qin , Vijayalakshmi Atluri, Concept-level access control for the Semantic Web, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
James B. D. Joshi , Elisa Bertino , Usman Latif , Arif Ghafoor, A Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Knowledge and Data Engineering, v.17 n.1, p.4-23, January 2005
Vijayalakshmi Atluri , Soon Ae Chun, An Authorization Model for Geospatial Data, IEEE Transactions on Dependable and Secure Computing, v.1 n.4, p.238-254, October 2004
Jacques Wainer , Akhil Kumar, A fine-grained, controllable, user-to-user delegation method in RBAC, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
Trent Jaeger , Xiaolan Zhang , Fidel Cacheda, Policy management using access control spaces, ACM Transactions on Information and System Security (TISSEC), v.6 n.3, p.327-364, August 2003
James B. D. Joshi , Elisa Bertino , Arif Ghafoor, An Analysis of Expressiveness and Design Issues for the Generalized Temporal Role-Based Access Control Model, IEEE Transactions on Dependable and Secure Computing, v.2 n.2, p.157-175, April 2005
Jacques Wainer , Akhil Kumar , Paulo Barthelmess, DW-RBAC: A formal security model of delegation and revocation in workflow systems, Information Systems, v.32 n.3, p.365-384, May, 2007
Deqing Zou , Ligang He , Hai Jin , Xueguang Chen, CRBAC: Imposing multi-grained constraints on the RBAC model in the multi-application environment, Journal of Network and Computer Applications, v.32 n.2, p.402-411, March, 2009
Vijayalakshmi Atluri , Soon Ae Chun, A geotemporal role-based authorisation system, International Journal of Information and Computer Security, v.1 n.1/2, p.143-168, January 2007
Samrat Mondal , Shamik Sural , Vijayalakshmi Atluri, Towards formal security analysis of GTRBAC using timed automata, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.4 Distributed Systems
          Subjects: Distributed databases

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.7 Database Administration
          Subjects: Security, integrity, and protection


General Terms:
Security


Keywords:
Access control, authorization administration, derived data, temporal data

Collaborative Colleagues:
Vijayalakshmi Atluri: colleagues
Avigdor Gal: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player