论文信息 - Enabling Collaborative Administration and Safety Fences: Factored Privileges in SQL Databases

Enabling Collaborative Administration and Safety Fences: Factored Privileges in SQL Databases

An access policy has many aspects, concerning both information and physical execution. Agglomerating them into a single SQL grant makes policies much harder to administer, especially at enterprise scale where administrators need to collaborate. We present a way to specify policies as a conjunction of factors, in a simple, regular way. Each factor decision poses a simple question, and when a circumstance changes, only the relevant factor needs to be revisited. Factors are also help for establishing “safety fences” on an administrator’s work, and for separating (global) information privileges to enable more powerful inference rules. To ease integration into existing systems, factor privileges employ the same interfaces and rules as ordinary SQL privileges, rather than multiple new top-level, awkwardly-interacting constructs (such as “autonomy” and “prohibition”).

Arnon Rosenthal | Edward Sciore | A. Rosenthal | E. Sciore

[1] Elisa Bertino,et al. A flexible authorization mechanism for relational data management systems , 1999, TOIS.

[2] Ehud Gudes,et al. Security Policies in Replicated and Autonomous Databases , 1998, DBSec.

[3] Sabrina De Capitani di Vimercati,et al. Authorization Specification and Enforcement in Federated Database Systems , 1997, Journal of computing and security.

[4] Arnon Rosenthal,et al. View security as the basis for data warehouse security , 2000, DMDW.

[5] Sushil Jajodia,et al. Provisions and Obligations in Policy Rule Management , 2003, Journal of Network and Systems Management.

[6] Sushil Jajodia,et al. Provisions and Obligations in Policy Management and Security Applications , 2002, VLDB.

[7] Gio Wiederhold,et al. Collaboration requirements: a point of failure in protecting information , 2001, IEEE Trans. Syst. Man Cybern. Part A.