A formal framework for reflective database access control policies

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2008, Pages 289-298

  Olson, Lars E ^a   Gunter, Carl A ^a   Madhusudan, P ^a  

^a UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN   (United States)

Author keywords

Fine grained access control; Formal safety verification; Reflective database access control; Transaction datalog

Indexed keywords

ACCESS CONTROL LISTS; ACCESS CONTROL POLICIES; DATABASE ACCESS CONTROL; DATABASE QUERIES; DATALOG; FINE-GRAINED ACCESS CONTROL; FORMAL FRAMEWORK; FORMAL SAFETY VERIFICATION; REFLECTIVE DATABASE ACCESS CONTROL; SECURE IMPLEMENTATION; TRANSACTION DATALOG;

DATABASE SYSTEMS; SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 69949149767     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1455770.1455808     Document Type: Conference Paper

References (35)

1. S. Abiteboul and V. Vianu. Datalog extensions for database queries and updates. Journal of Computer and System Sciences, 43(1):62-124, Aug. 1991.
2. R. Agrawal, P. Bird, T. Grandison, J. Kicrnan, S. Logan, and W. Rjaibi. Extending relational database systems to automatically enforce privacy policies. In ICDE 05, Tokyo, Japan, Apr. 2005.
3. R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Hippocratic databases. In VLDB 02, Hong Kong, China, Aug. 2002.
4. M. Ancona, W. Cazzola, and E. B. Fernandez. A history-dependent access control mechanism using reflection. In MOS 99, Lisbon, Portugal, Jun. 1999.
5. F. Bancilhon and R. R,ama,krishnan. An amateur's introduction to recursive query processing strategics. In SIGMOD 86, Washington, DC, May 1986.
6. R. Bobba, O. Fatcmich, F. Khan, C. A. Guntcr, and H. Khurana. Using attribute-based access control to enable attribute-based messaging. In ACSAC 06, Miami Beach, FL, Dec. 2006.
7. A. J. Bonner, Transaction datalog: A compositional language for transaction programming. Lecture Notes in Computer Science, 1369:373-395, 1998.
8. A. J. Bonner. Workflow, transactions, and datalog. In PODS 99, Philadelphia, PA, Jun. 1999.
9. D. F. C. Brewer and M. J. Nash. The Chinese wall security policy. In IEEE Security and Privacy, Oakland, CA, May 1989.
10. S. Chaudhuri, T. Dutta, and S. Sudarshan. Fine grained authorization through predicated grants. In ICDE 07, Istanbul, Turkey, Apr. 2007.
11. W. R. Cook and M. R. Gannholm. Rule based database security system and method. United States Patent 6,820,082, Nov. 2004.
12. S. Etalle and W. H. Winsborough. A posteriori compliance control. In SACMAT 07, Sophia Antipolis, France, Jun. 2007.
13. H. Gallaire, J. Minker, and J.-M. Nicolas. Logic and databases: A deductive approach. ACM Computing Surveys, 16(2):153-185, Jun. 1984.
14. R. Goodwin, S. Goh, and F. Y. Wu. Instance-level access control for business-to-business electronic commerce. IBM Systems Journal, 41(2):303-321, 2002.
15. P. P. Griffiths and B. W. Wade. An authorization mechanism for a relational database system. In TODS, l(3):242-255, Sep. 1976.
16. C. A. Gunter and T. Jim. Policy-directed certificate retrieval. Software- Practice and Experience, 30(15): 1609-1640, 2000.
17. M. A. Harrison and W. L. Ruzzo. Monotonic protection systems. In Foundations of Secure Computation, pages 337-363. Academic Press, 1978.
18. M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in operating systems. Communications of the ACM, 19(8):461-471, 1976.
19. S. Jha, N. Li, M. V. Tripunitara, Q. Wang, and W. H. Winsborough. Towards formal verification of role-based access control policies. IEEE Transactions on Dependable and Secure Computing (TDSC). Submitted, under review.
20. T. Jim. SD3: A trust management system with certified evaluation. In IEEE Security and Privacy, Oakland, CA, May 2001.
21. G. Kabra, R. Ramamurthy, and S. Sudarshan. Redundancy and information leakage in fine-grained access control. In SIGMOD 06, Chicago, IL, Jun. 2006.
22. L. Lamport. The temporal logic of actions. ACM Transactions on Programming Languages and Systems, 16(3):872-923, 1994.
23. K. LeFevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu, and D. J. DeWitt. Limiting disclosure in hippocratic databases. In VLDB 04, Toronto, ON, Aug. 2004.
24. N. Li and M. V. Tripunitara. On safety in discretionary access control. In IEEE Security and Privacy, Oakland, CA, May 2005.
25. P. Maes. Concepts and experiments in computational reflection. In OOPSLA 87, Orlando, FL, Oct. 1987.
26. Oracle Corporation. Oracle Virtual Private Database. Technical report, Oracle Corporation, Jun. 2005. http://www.oracle.com/technology/deploy/security/ db-security/virtual-private-database/index.html.
27. Oracle Corporation. Oracle service request number 5973395.992. Technical support communication, Jan. 2007.
28. S. Rizvi, A. Mendelzon, S. Sudarshan, and P. Roy. Extending query rewriting techniques for fine-grained access control. In SIGMOD 0J., Paris, France, Jun. 2004.
29. A. Rosenthal and E. Sciore. Extending SQL's grant and revoke operations, to limit and reactivate privileges. In DBSec 00, Schoorl, The Netherlands, Aug. 2000.
30. A. Rosenthal and E. Sciore. Abstracting and refining authorization in SQL. In Secure Data Management Workshop (SDM), Toronto, ON, Aug. 2004.
31. K. A. Ross. Modular stratification and magic sets for datalog programs with negation. Journal of the A CM, 41(6):1216-1266, Nov. 1994.
32. J. A. Solworth and R. H. Sloan. A layered design of discretionary access controls with decidable safety properties. In IEEE Security and Privacy, Oakland, CA, May 2004.
33. Sybase, Inc. New security features in Sybase Adaptive Server Enterprise. Technical report, Sybase, Inc., 2003. http://www.Sybase.com/content/1013009/new- security-wp.pdf.
34. M. H. van Emden and R. A. Kowalski. The semantics of predicate logic as a programming language. Journal of the ACM, 23(4):733-742, 1976.
35. I. Welch and F. Lu. Policy-driven reflective enforcement of security policies. In SAC 06, Dijon, France, Apr. 2006.