A Unified Framework for Enforcing Multiple Access Control Policies.
Sushil Jajodia, Pierangela Samarati, V. S. Subrahmanian, Elisa Bertino:
A Unified Framework for Enforcing Multiple Access Control Policies.
SIGMOD Conference 1997: 474-485

@inproceedings{DBLP:conf/sigmod/JajodiaSSB97,
author = {Sushil Jajodia and
Pierangela Samarati and
V. S. Subrahmanian and
Elisa Bertino},
editor = {Joan Peckham},
title = {A Unified Framework for Enforcing Multiple Access Control Policies},
booktitle = {SIGMOD 1997, Proceedings ACM SIGMOD International Conference
on Management of Data, May 13-15, 1997, Tucson, Arizona, USA},
publisher = {ACM Press},
year = {1997},
pages = {474-485},
ee = {http://doi.acm.org/10.1145/253260.253364, db/conf/sigmod/JajodiaSSB97.html},
crossref = {DBLP:conf/sigmod/97},
bibsource = {DBLP, http://dblp.uni-trier.de}
}
Abstract
Although several access control policies can be devised for
controlling access to information, all existing authorization
models, and the corresponding enforcement mechanisms, are
based on a specific policy (usually the closed policy). As a
consequence, although different policy choices are possible
in theory, in practice only a specific policy can be actually
applied within a given system. However, protection requirements
within a system can vary dramatically, and no single
policy may simultaneously satisfy them all.
In this paper we present a flexible authorization manager
(FAM) that can enforce multiple access control policies
within a single, unified system. FAM is based on a language
through which users can specify authorizations and access
control policies to be applied in controlling execution of specific
actions on given objects. We formally define the language
and properties required to hold on the security specifications
and prove that this language can express all security
specifications. Furthermore, we show that all programs expressed
in this language (called FAM/CAM-programs) are
also guaranteed to be consistent (i.e., no conflicting access
decisions occur) and CAM-programs are complete (i.e., every
access is either authorized or denied). We then illustrate
how several well-known protection policies proposed in the
literature can be expressed in the FAM/CAM language and
how users can customize the access control by specifying
their own policies. The result is an access control mechanism
which is flexible, since different access control policies
can all coexist in the same data system, and extensible, since
it can be augmented with any new policy a specific application
or user may require.
Copyright © 1997 by the ACM,
Inc., used by permission. Permission to make
digital or hard copies is granted provided that
copies are not made or distributed for profit or
direct commercial advantage, and that copies show
this notice on the first page or initial screen of
a display along with the full citation.
Printed Edition
Joan Peckham (Ed.):
SIGMOD 1997, Proceedings ACM SIGMOD International Conference on Management of Data, May 13-15, 1997, Tucson, Arizona, USA.
ACM Press 1997, SIGMOD Record 26(2), June 1997
References
- [1] ...
- [2] Elisa Bertino, Claudio Bettini, Elena Ferrari, Pierangela Samarati: A Temporal Access Control Mechanism for Database Systems. IEEE Trans. Knowl. Data Eng. 8(1): 67-80 (1996)
- [3] ...
- [4] ...
- [5] Elisa Bertino, Pierangela Samarati, Sushil Jajodia: An Extended Authorization Model for Relational Databases. IEEE Trans. Knowl. Data Eng. 9(1): 85-101 (1997)
- [6] ...
- [7] Hans Hermann Brüggemann: Rights in an Object-Oriented Environment. DBSec 1991: 99-115
- [8] ...
- [9] Ronald Fagin: On an Authorization Mechanism. ACM Trans. Database Syst. 3(3): 310-319 (1978)
- [10] Michael Gelfond, Vladimir Lifschitz: The Stable Model Semantics for Logic Programming. ICLP/SLP 1988: 1070-1080
- [11] Patricia P. Griffiths, Bradford W. Wade: An Authorization Mechanism for a Relational Database System. ACM Trans. Database Syst. 1(3): 242-255 (1976)
- [12] Dirk Jonscher, Klaus R. Dittrich: Argos - A Configurable Access Control System for Interoperable Environments. DBSec 1995: 43-60
- [13] Dirk Jonscher, Klaus R. Dittrich: An Approach for Building Secure Database Federations. VLDB 1994: 24-35
- [14] Teresa F. Lunt: Access Control Policies for Database Systems. DBSec 1988: 41-52
- [15] ...
- [16] Fausto Rabitti, Elisa Bertino, Won Kim, Darrell Woelk: A Model of Authorization for Next-Generation Database Systems. ACM Trans. Database Syst. 16(1): 88-131 (1991)
- [17] ...
- [18] Allen Van Gelder: The Alternating Fixpoint of Logic Programs with Negation. PODS 1989: 1-10
- [19] Thomas Y. C. Woo, Simon S. Lam: Authorizations in Distributed Systems: A New Approach. Journal of Computer Security 2(2-3): 107-136 (1993)
Referenced by
- Ernesto Damiani, Sabrina De Capitani di Vimercati, Stefano Paraboschi, Pierangela Samarati:
Securing XML Documents.
EDBT 2000: 121-135
- Hasan M. Jamil:
Belief Reasoning in MLS Deductive Databases.
SIGMOD Conference 1999: 109-120
- Elisa Bertino, Claudio Bettini, Elena Ferrari, Pierangela Samarati:
An Access Control Model Supporting Periodicity Constraints and Temporal Reasoning.
ACM Trans. Database Syst. 23(3): 231-285(1998)
ACM SIGMOD Anthology: Copyright © by ACM (info@acm.org), Corrections: anthology@acm.org
DBLP: Copyright © by Michael Ley (ley@uni-trier.de), last change: Sat May 16 23:40:39 2009