Access control for large collections

ACM Transactions on Information Systems

Volumn 15, Issue 2, 1997, Pages 154-194

  Gladney, H M ^a  

^a IBM ALMADEN RESEARCH CENTER   (United States)

Author keywords

C.2.4 Computer Communication Networks : Distributed Systems distributed applications; D.2.0 Software Engineering : General protection mechanisms; D.4.6 Operating Systems : Security and Protection; Distributed databases

Indexed keywords

DISTRIBUTED COMPUTER SYSTEMS; DISTRIBUTED DATABASE SYSTEMS; SECURITY OF DATA;

ACCESS CONTROL; DIGITAL LIBRARY;

INFORMATION RETRIEVAL SYSTEMS;

EID: 0031118725     PISSN: 10468188     EISSN: None     Source Type: Journal    
DOI: 10.1145/248625.248652     Document Type: Article

References (44)

1. ABADI, M., BURROWS, M., LAMPSON, B., AND PLOTKIN, G. 1993. A calculus for access control in distributed systems. ACM Trans. Program. Lang. Syst. 15, 4, 706-734.
2. BELL, D.E. AND LAPADULA, L. J. 1975. Secure computer system: Unified exposition and multics interpretation. MIRTRE Corp., Bedford, Mass. Also available as NTIS AD-A023588. National Technical Information Service, Springfield, Va. (1976).
3. BUTTERWORTH, P., OTIS, A., AND STEIN, J. 1991. The GemStone object database management system. Commun. ACM 34, 10 (Oct.), 50-63.
4. CHOKHANI, S. 1992. Trusted products evaluation. Commun. ACM 35, 7 (July), 64-76.
5. CLARK, D. C. AND WILSON, D. R. 1987. A comparison of commercial and military security policies. In Proceedings of the IEEE Security and Privacy Symposium. IEEE, New York.
6. 2 system. Commun. ACM 34, 10 (Oct.), 34-49.
7. DEPARTMENT OF DEFENSE. 1985. Trusted computer system evaluation criteria. DOD 5200.28 STD, National Computer Security Center, U.S. Department of Defense, Washington, D.C.
8. ERDOS, M.E. AND PATO, J. N. 1993. Extending the OSF DCE authorization system to support practical delegation. In Proceedings of the PSRD Workshop on Network and Distributed System Security. 93-100.
9. FAGIN, R. 1978. On an authorization mechanism. ACM Trans. Database Sys. 3, 3, 310-375.
10. Fox, E. A., AKSCYN, R. M., FURUTA, R. K., AND LEGGETT, J. J., Eds. 1994. Proceedings of Digital Libraries '94. Springer-Verlag, Berlin.
11. Fox, E. A., AKSCYN, R. M., FURUTA, R. K., AND LEGGETT, J. J. 1995. Digital libraries. Commun. ACM 38, 4 (Apr.), 22-28.
12. GAGLIARDI, R., LAPIS, G., AND LINDSAY, B. G. 1989. A flexible and efficient database authorization facility. IBM Res. Rep. RJ 6826, IBM, San Jose, Calif.
13. GLADNEY, H. M. 1978. Administrative control of computing service. IBM Syst. J. 17, 151.
14. GLADNEY, H. M. 1993. A storage subsystem for image and records management. IBM Syst. J. 32, 3, 512-540.
15. GLADNEY, H. M. 1994. Condition tests in data server access control. IBM Res. Rep. RJ 9244, IBM, San Jose, Calif.
16. GLADNEY, H. M., WORLEY, E. L., AND MYERS, J. J. 1975. An access control mechanism for computer resources. IBM Syst. J. 14, 212.
17. GRAY, J. AND REUTER, A. 1993. Transaction Processing: Concepts and Techniques. Morgan Kaufmann, San Mateo, Calif.
18. GRIFFITHS, P. P. AND WADE, B. 1976. An authorization mechanism for a relational database system. ACM Trans. Database Syst. 1, 3, 242-255.
19. HOFFMAN, L. J. AND MORAN, L. M. 1986. Societal Vulnerability to Computer System Failures. Vol. 5, Computers and Security. Elsevier Science, Amsterdam, 211-217.
20. IBM. 1985. Resource Access Control Facility (RACF) general information manual. Systems Ref. Lib. GC28-0722, IBM, San Jose, Calif.
21. IBM. 1991. Image and Records Management (IRM) general information guide. IBM Systems Ref. Lib. GC22-0027, IBM, San Jose, Calif.
22. IBM. 1994. IBM ImagePlus VisualInfo general information and planning guide. IBM Systems Ref. Lib. GK2T-1709, IBM, San Jose, Calif.
23. ISO. 1991. Information technology - Portable Operating System Interface (POSIX) - security interface. ISO/IEC JTC 1/SC22/WG15 N046R1 P1003.6 Draft 12, International Standards Organization, Geneva, Switzerland.
24. ISO. 1992. Information retrieval, transfer and management for OSI: Access control framework. ISO/IEC JTC 1/SC 21/WG 1 N6947 Second CD 10181-3. International Standards Organization, Geneva, Switzerland.
25. JANSON, P. 1992. Security and management services in open networks and distributed systems. IBM Res. Rep. RZ 2274, IBM, San Jose, Calif.
26. KARGER, P. A. 1985. Authentication and discretionary access control in computer networks. Comput. Networks ISDN Syst. 10, 1, 27-37.
27. KOHL, J. T. 1991. The evolution of the Kerberos authentication service. In Proceedings of the EurOpen Conference, Unix Open Systems in Perspective. IEEE Computer Society Press, Los Alamitos, Calif., 295-313.
28. KUMAR, R. 1991. OSF's distributed computing environment. IBM AIXpert 2, 22-29.
29. LAMB, C., LANDIS, G., ORENSTIEN, J., AND WEINREB, D. 1991. The ObjectStore database system. Commun. ACM 34, 10 (Oct.), 50-63.
30. LAMPSON, B., ABADI, M., BURROWS, M., AND WOBBER, W. E. 1991. Authentication in distributed systems: Theory and practice. Oper. Syst. Rev. 25, 5, 165-182.
31. LAMPSON, B., ABADI, M., BURROWS, M., AND WOBBER, W. E. 1992. Authentication in distributed systems: Theory and practice. ACM Trans. Comput. Syst. 10, 4 (Nov.), 265-308.
32. LEBOWITZ, G. 1992. An overview of the OSF DCE distributed file system. IBM AIXpert 3, (Feb.), 55-64.
33. LEE, T. M. P. 1988. Using mandatory integrity to enforce "commercial" security. In Proceedings of the 1988 IEEE Symposium on Security and Privacy. IEEE, New York, 140-146.
34. LEISS, E. 1983. Authorization systems with grantor-controlled propagation of privileges. In Proceedings of Spring COMPCON '83. IEEE Computer Society Press, Los Alamitos, Calif.
35. LINN, L. 1990. Practical authentication for distributed computing. In Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy. IEEE, New York, 31-40.
36. LOHMAN, G. M., LINDSAY, B., PIRAHESH, H., AND SCHIEFER, K. B. 1991. Extensions to Starburst: Objects, types, functions, and rules. Commun. ACM 34, 10 (Oct.), 94-109.
37. MOFFETT, J. D. AND SLOMAN, M. S. 1988. The source of authority for commercial access control. Computer 21, 2 (Feb.), 59-69.
38. OSF. 1991. Distributed Computer Environment (DCE) Version 1.0: Application Development Reference. Open Software Foundation, Cambridge, Mass.
39. RABITTI, F., BERTINO, B., KIM, K., AND WOELK, D. 1991. A model of authorization for next-generation database systems. ACM Trans. Database Syst. 16, 1, 88-131.
40. RICHARDSON, J., SCHWARZ, P., AND CABRERA, L.-F. 1992. CACL: Efficient fine-grained protection for objects. IBM Res. Rep. RJ 8894, IBM, San Jose, Calif.
41. SALTZER, J. H. AND SCHROEDER, M. D. 1975. The protection of information in computer systems. Proc. IEEE 63, 9, 1278-1308.
42. SILBERSCHAT, A., STONEBRAKER, M., AND ULLMAN, M., Eds. 1991. Database systems: Achievements and opportunities. Commun. ACM 34, 10 (Oct.), 110-120.
43. STONEBRAKER, M. AND KEMNITZ, G. 1991. The PostGres next generation database management system. Commun. ACM 34, 10 (Oct.), 78-92.
44. VARADHARAJAN, V., ALLEN, P., AND BLACK, S. 1991. An analysis of the proxy problem in distributed systems. In Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy. IEEE, New York, 255-275.