ACM SIGMOD Anthology ACM SIGMOD dblp.uni-trier.de

A Unified Framework for Enforcing Multiple Access Control Policies.

Sushil Jajodia, Pierangela Samarati, V. S. Subrahmanian, Elisa Bertino: A Unified Framework for Enforcing Multiple Access Control Policies. SIGMOD Conference 1997: 474-485
@inproceedings{DBLP:conf/sigmod/JajodiaSSB97,
  author    = {Sushil Jajodia and
               Pierangela Samarati and
               V. S. Subrahmanian and
               Elisa Bertino},
  editor    = {Joan Peckham},
  title     = {A Unified Framework for Enforcing Multiple Access Control Policies},
  booktitle = {SIGMOD 1997, Proceedings ACM SIGMOD International Conference
               on Management of Data, May 13-15, 1997, Tucson, Arizona, USA},
  publisher = {ACM Press},
  year      = {1997},
  pages     = {474-485},
  ee        = {http://doi.acm.org/10.1145/253260.253364, db/conf/sigmod/JajodiaSSB97.html},
  crossref  = {DBLP:conf/sigmod/97},
  bibsource = {DBLP, http://dblp.uni-trier.de}
}

Abstract

Although several access control policies can be devised for controlling access to information, all existing authorization models, and the corresponding enforcement mechanisms, are based on a specific policy (usually the closed policy). As a consequence, although different policy choices are possible in theory, in practice only a specific policy can be actually applied within a given system. However, protection requirements within a system can vary dramatically, and no single policy may simultaneously satisfy them all.

In this paper we present a flexible authorization manager (FAM) that can enforce multiple access control policies within a single, unified system. FAM is based on a language through which users can specify authorizations and access control policies to be applied in controlling execution of specific actions on given objects. We formally define the language and properties required to hold on the security specifications and prove that this language can express all security specifications. Furthermore, we show that all programs expressed in this language (called FAM/CAM-programs) are also guaranteed to be consistent (i.e., no conflicting access decisions occur) and CAM-programs are complete (i.e., every access is either authorized or denied). We then illustrate how several well-known protection policies proposed in the literature can be expressed in the FAM/CAM language and how users can customize the access control by specifying their own policies. The result is an access control mechanism which is flexible, since different access control policies can all coexist in the same data system, and extensible, since it can be augmented with any new policy a specific application or user may require.

Copyright © 1997 by the ACM, Inc., used by permission. Permission to make digital or hard copies is granted provided that copies are not made or distributed for profit or direct commercial advantage, and that copies show this notice on the first page or initial screen of a display along with the full citation.


ACM SIGMOD Anthology

Online Version (ACM WWW Account required): Full Text in PDF Format

CDROM Version: Load the CDROM "Volume 1 Issue 1, SIGMOD '93-'97" and ...

DVD Version: Load ACM SIGMOD Anthology DVD 1" and ...

Printed Edition

Joan Peckham (Ed.): SIGMOD 1997, Proceedings ACM SIGMOD International Conference on Management of Data, May 13-15, 1997, Tucson, Arizona, USA. ACM Press 1997 CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML, SIGMOD Record 26(2), June 1997
Contents

Online Edition: ACM Digital Library

[Index Terms]
[Full Text in PDF Format, 1667 KB]

References

[1]
...
[2]
Elisa Bertino, Claudio Bettini, Elena Ferrari, Pierangela Samarati: A Temporal Access Control Mechanism for Database Systems. IEEE Trans. Knowl. Data Eng. 8(1): 67-80(1996) CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML
[3]
...
[4]
...
[5]
Elisa Bertino, Pierangela Samarati, Sushil Jajodia: An Extended Authorization Model for Relational Databases. IEEE Trans. Knowl. Data Eng. 9(1): 85-101(1997) CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML
[6]
...
[7]
Hans Hermann Brüggemann: Rights in an Object-Oriented Environment. DBSec 1991: 99-115 CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML
[8]
...
[9]
Ronald Fagin: On an Authorization Mechanism. ACM Trans. Database Syst. 3(3): 310-319(1978) CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML
[10]
Michael Gelfond, Vladimir Lifschitz: The Stable Model Semantics for Logic Programming. ICLP/SLP 1988: 1070-1080 CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML
[11]
Patricia P. Griffiths, Bradford W. Wade: An Authorization Mechanism for a Relational Database System. ACM Trans. Database Syst. 1(3): 242-255(1976) CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML
[12]
Dirk Jonscher, Klaus R. Dittrich: Argos - A Configurable Access Control System for Interoperable Environments. DBSec 1995: 43-60 CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML
[13]
Dirk Jonscher, Klaus R. Dittrich: An Approach for Building Secure Database Federations. VLDB 1994: 24-35 CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML
[14]
Teresa F. Lunt: Access Control Policies for Database Systems. DBSec 1988: 41-52 CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML
[15]
...
[16]
Fausto Rabitti, Elisa Bertino, Won Kim, Darrell Woelk: A Model of Authorization for Next-Generation Database Systems. ACM Trans. Database Syst. 16(1): 88-131(1991) CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML
[17]
...
[18]
Allen Van Gelder: The Alternating Fixpoint of Logic Programs with Negation. PODS 1989: 1-10 CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML
[19]
Thomas Y. C. Woo, Simon S. Lam: Authorizations in Distributed Systems: A New Approach. Journal of Computer Security 2(2-3): 107-136(1993) CiteSeerX Google scholar pubzone.org BibTeX bibliographical record in XML

Copyright © Sun Mar 14 23:25:47 2010 by Michael Ley (ley@uni-trier.de)