Database Access Control in the Presence of Context Dependent Protection Requirements

Data items in a database are semantically related. Thus, the access control mechanism of a database system must be concerned with the possibility that access to one item may violate a denied access to another item. This study concentrates on two basic semantic relations for protection requirements. By utilizing a graph-theoretic approach, some of the fundamental properties of the protection relations can be readily identified. These properties can then be used as a basis for understanding more general context dependent protection requirements. Two fundamental properties of the two protection relations are found. The first property addresses the question: given a database with a set of protection relations, is it possible to find a maximal subset of the database such that access to one item of the subset will not lead to any violation of a denied access to another item? The second property addresses the question: given a database with a set of protection relations, is it possible to find a sequence of accesses such that the protection requirement is enforced with no violation?