Implementing Real-Time Update of Access Control Policies

Real-time update of access control policies, that is, updating policies while they are in effect and enforcing the changes immediately, is necessary for many security-critical applications. In this paper, we consider real-time update of access control policies that arise in a database system. Updating policies while they are in effect can lead to security problems. In an earlier work, we presented an algorithm that not only prevents such security problems but also ensures correct execution of transactions. In the current work, we extend that algorithm to handle addition and deletion of access control policies and provide the implementation details of the algorithm. We also describe properties of histories generated by this algorithm.
