论文信息 - A non-timestamped authorization model for data management systems

A non-timestamped authorization model for data management systems

There are two approaches to representing authorizations in data management systems. The first approach associates a timestamp with each authorization; semantics of grant and revoke operations on authorizations are based on the temporal relationships determined by these timestamps. The second approach differs from the first in that it does not assign timestamps to authorizations. Although the semantics of the grant and revoke operation are different as a result, several systems have adopted this approach since it not only simplifies management of authorizations, but appears to be more desirable from the user's point of view as well. In this paper, we define a formal model for non-timestamped authorizations that supports both positive and negative authorizations. We give the semantics of the grant and revoke operations in terms of their effect on existing authorizations, and show how negative and positive authorizations can coexist in our model.

Elisa Bertino | Sushil Jajodia | Pierangela Samarati

[1] Prasun Dewan,et al. Access control for collaborative environments , 1992, CSCW '92.

[2] Bradford W. Wade,et al. An authorization mechanism for a relational database system , 1976, TODS.

[3] Silvana Castano,et al. Database Security , 1997, IFIP Advances in Information and Communication Technology.

[4] Elisa Bertino,et al. An Extended Authorization Model for Relational Databases , 1997, IEEE Trans. Knowl. Data Eng..

[5] Ehud Gudes,et al. A Model of Methods Access Authorization in Object-oriented Databases , 1993, VLDB.

[6] Elisa Bertino,et al. Authorizations in relational database management systems , 1993, CCS '93.

[7] Mahadev Satyanarayanan,et al. Integrating security in a large distributed system , 1989, TOCS.

[8] John M. Boone,et al. INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD , 1991 .

[9] Hans Hermann Brüggemann,et al. Rights in an Object-Oriented Environment , 1991, DBSec.

[10] Elisa Bertino,et al. A model of authorization for next-generation database systems , 1991, TODS.

[11] Bruce G. Lindsay,et al. A Database Authorization Mechanism Supporting Individual and Group Authorization , 1981, DDSS.