Title :
Supporting multiple access control policies in database systems
Author :
Bertino, Elisa ; Jajodia, Sushil ; Samarati, Pierangela
Author_Institution :
Dipartimento di Sci. dell´´Inf., Milan Univ., Italy
Abstract :
Although there are several choices of policies for protection of information, access control models have been developed for a fixed set pre-defined access control policies that are then built into the corresponding access control mechanisms. This becomes a problem, however, if the access control requirements of an application are different from the policies built into a mechanism. In most cases, the only solution is to enforce the requirements as part of the application code, but this makes verification, modification, and adequate enforcement of these policies impossible. In this paper, we propose a flexible authorization mechanism that can support different security policies. The mechanism enforces a general authorization model onto which multiple access control policies can be mapped. The model permits negative and positive authorizations, authorizations that must be strongly obeyed and authorizations that allow for exceptions, and enforces ownership together with delegation of administrative privileges
Keywords :
authorisation; database management systems; security of data; access control; database systems; flexible authorization mechanism; multiple access control; Access control; Authorization; Database systems; Deductive databases; Information systems; Object oriented modeling; Relational databases; Security; Software systems; Systems engineering and theory;
Conference_Titel :
Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-7417-2
DOI :
10.1109/SECPRI.1996.502673
