A Unified Framework for Evaluating Data-Dependent Access Control Systems

We present a flexible framework for evaluating data-dependent access control systems. Based on logical formalism, the framework is general enough to simulate all existing systems. In this paper, we analyze and compare currently available access control systems and demonstrate how they can be simultaneously extended and simplified using our framework. A series of examples and a cross-comparative analysis clearly demonstrate the advantages of our framework over previous methods.
