by Elisa Bertino, Università Di Milano
Download: http://mercurio.sm.dsi.unimi.it/~samarati/Papers/tois99.pdf
Abstract:
In this article, we present an authorization model that can be used to express a number of discretionary access control policies for relational data management systems. The model permits both positive and negative authorizations and supports exceptions at the same time. The model is flexible in that the users can specify, for each authorization they grant, whether the authorization can allow for exceptions or whether it must be strongly obeyed. It provides authorization management for groups with exceptions at any level of the group hierarchy, and temporary suspension of authorizations. The model supports ownership together with decentralized administration of authorizations. Administrative privileges can also be restricted so that owners retain control over their tables.
Citations
141 | Flexible Support for Multiple Access Control Policies – Jajodia, Samarati, et al. - 2001
124 | A Logical Language for Expressing Authorizations – Jajodia, Samarati, et al. - 1997
119 | Access Control for Collaborative Environments – Shen, Dewan - 1992
117 | A model of authorization for next-generation database systems – Rabitti, Bertino, et al. - 1991
90 | Integrating security in a large distributed system – Satyanarayanan - 1989
82 | An authorization mechanism for a relational database system – Griffiths, Wade - 1976
26 | A Temporal Access Control Mechanism for Database Systems – Bertino, Bettini, et al. - 1996
25 | A flexible authorization mechanism for relational data management systems – Bertino, Jajodia, et al. - 1999
24 | On an Authorization Mechanism – Fagin - 1978
18 | An Extended Authorization Model for Relational Databases – Bertino, Samarati, et al. - 1997
18 | Access control policies for database systems – Lunt
11 | Rights in an Object-Oriented Environment – Bruggemann - 1992
8 | (ISO/ANSI Working Draft) Database Language SQL/Foundation – Melton - 1996
5 | A model of methods authorization in object-oriented databases – Gal-Oz, Gudes, et al. - 1993
4 | Authorization and Views – Selinger - 1980
3 | A flexible and efficient database authorization facility – Gagliardi, Lapis, et al. - 1989
2 | Secure distributed data views – Lunt - 1989
1 | A Flexible Authorization Mechanism • 139 – Abadi, Burrows, et al. - 1993
1 | Informix-Online/Secure. Security Features User’s Guide – Informix - 1993
1 | Flexauth system—User manual – Loretti - 1996