A Unified Framework for Enforcing Multiple Access Control Policies

Although several access control policies can be devised for controlling access to information, all existing authorization models, and the corresponding enforcement mechanisms, are based on a specific policy (usually the closed policy). As a consequence, although different policy choices are possible in theory, in practice only a specific policy can be actually applied within a given system. However, protection requirements within a system can vary dramatically, and no single policy may simultaneously satisfy them all. In this paper we present a flexible authorization manager (FAM) that can enforce multiple access control policies within a single, unified system. FAM is based on a language through which users can specify authorizations and access control policies to be applied in controlling execution of specific actions on given objects. We formally define the language and properties required to hold on the security specifications and prove that this language can express all security specifications. Furthermore, we show that all programs expressed in this language (called FAM/CAM-programs) are also guaranteed to be consistent (i.e., no conflicting access decisions occur) and CAM-programs are complete (i.e., every access is either authorized or denied). We then illustrate how several well-known protection policies proposed in the literature can be expressed in the FAM/CAM language and how users can customize the access control by specifying their own policies. The result is an access control mechanism which is flexible, since different access control policies can all coexist in the same data system, and extensible, since it can be augmented with any new policy a specific application or user may require.

1 Introduction

Several access control policies have been proposed in the literature for controlling access to information. Correspondingly, several authorization models have been formalized and access control mechanisms enforcing them implemented.
Each model, and its corresponding enforcing mechanism, implements a single specified policy, which is in fact built into the mechanism. As a consequence, although different policy choices are possible in theory, each access control system is in practice bound to a specific policy. The major drawback of this approach is that a single policy simply cannot capture all protection requirements that may arise over time. For instance, each of us deals with data protection in different ways. We may have information that we want to keep completely private, information we want to share with everybody, information we want to share with almost everybody (with a few exceptions), and information we …
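The consistency and completeness properties named in the abstract can be illustrated with a small Python sketch, added here as an example; it is not the FAM/CAM language and not code from the paper. The subjects, objects, authorizations and the denials-take-precedence conflict rule are all constructed assumptions.

```python
from itertools import product

# Constructed sample data (not from the paper).
SUBJECTS = ["alice", "bob", "carol"]
OBJECTS = ["diary", "homepage", "photos"]

# Explicit signed authorizations: "+" grants, "-" denies.
AUTHS = {
    ("alice", "diary"): {"+"},        # private object, owner only
    ("bob", "photos"): {"-"},         # shared with almost everybody, bob excepted
    ("carol", "photos"): {"+", "-"},  # conflicting pair of authorizations
}

# A different default policy per object, coexisting in one system.
# closed: deny unless explicitly granted; open: grant unless explicitly denied.
DEFAULTS = {"diary": "closed", "homepage": "open", "photos": "open"}


def decisions(subject, obj, defaults, resolve):
    """Return the set of signs derivable for one access request.

    resolve is the sign that wins a conflict ("-" means denials take
    precedence), or None when no conflict resolution rule is specified.
    """
    signs = set(AUTHS.get((subject, obj), set()))
    if len(signs) == 2 and resolve is not None:
        signs = {resolve}
    if not signs and defaults.get(obj) is not None:
        signs = {"+" if defaults[obj] == "open" else "-"}
    return signs


def audit(defaults, resolve):
    """List requests that break consistency (two decisions) or completeness (none)."""
    inconsistent, incomplete = [], []
    for s, o in product(SUBJECTS, OBJECTS):
        d = decisions(s, o, defaults, resolve)
        if len(d) > 1:
            inconsistent.append((s, o))
        elif not d:
            incomplete.append((s, o))
    return inconsistent, incomplete


if __name__ == "__main__":
    print("defaults + denials take precedence:", audit(DEFAULTS, "-"))
    print("no defaults, no conflict rule:     ", audit({}, None))
```

With per-object defaults and a conflict rule, every request yields exactly one decision; dropping both leaves one conflicting request and six undecided ones.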
