Access Control in Data Management Systems

Access control is one of the fundamental services that any Data Management System should provide. Its main goal is to protect data from unauthorized read and write operations. This is particularly crucial in today's open and interconnected world, where any kind of information can easily be made available to a huge user population, and where damage to or misuse of data may have unpredictable consequences that go beyond the boundaries where the data reside or were generated. This book provides an overview of the various developments in access control for data management systems. Discretionary, mandatory, and role-based access control are discussed by surveying the most relevant proposals and analyzing the benefits and drawbacks of each paradigm in view of the requirements of different application domains. Access control mechanisms provided by commercial Data Management Systems are presented and discussed. Finally, the last part of the book is devoted to a discussion of some of the most challenging and innovative research trends in the area of access control, such as those related to the Web 2.0 revolution or to the Database as a Service paradigm. This book is a valuable reference for a heterogeneous audience. It can be used either as an extended survey for people who are interested in access control or as a reference book for senior undergraduate or graduate courses in data security with a special focus on access control. It is also useful for technologists, researchers, managers, and developers who want to know more about access control and related emerging trends.
