Access control in a relational data base management system by query modification

This work describes the access control system being implemented in INGRES (<Underline>IN</Underline>teractive <Underline>G</Underline>raphics and <Underline>RE</Underline>trieval <Underline>S</Underline>ystem). The scheme can be applied to any relational data base management system and has several advantages over other suggested schemes. These include: a) implementation ease b) small execution time overhead c) powerful and flexible controls d) conceptual simplicity The basic idea utilized is that a user interaction with the data base is modified to an alternate form which is guaranteed to have no access violations. This modification takes place in a high level interaction language. Hence, the processing of a resulting interaction can be accomplished with no further regard for protection. In particular, any procedure calls in the access paths for control purposes, such as in [1,2], are avoided.

[1]  R. M. Graham Protection in an information processing utility , 1968, CACM.

[2]  Butler W. Lampson,et al.  Dynamic protection structures , 1899, AFIPS '69 (Fall).

[3]  Clark Weissman,et al.  Security controls in the ADEPT-50 time-sharing system , 1899, AFIPS '69 (Fall).

[4]  Lance Joel Hoffman,et al.  The formulary model for access control and privacy in computer systems , 2018 .

[5]  Theodore D. Friedman,et al.  The Authorization Problem in Shared Files , 1970, IBM Syst. J..

[6]  Peter S. Browne,et al.  A model for access control , 1971, SIGFIDET '71.

[7]  R. C. Owens PRIMARY ACCESS CONTROL IN LARGE-SCALE TIME-SHARED DECISION SYSTEMS , 1971 .

[8]  Richard C. Owens Evaluation of access authorization characteristics of derived data sets , 1971, SIGFIDET '71.

[9]  E. F. Codd,et al.  A data base sublanguage founded on the relational calculus , 1971, SIGFIDET '71.

[10]  E. F. Codd,et al.  Relational Completeness of Data Base Sublanguages , 1972, Research Report / RJ / IBM / San Jose, California.

[11]  Donald D. Chamberlin,et al.  Using a Structured English Query Language as a Data Definition Facility , 1973, Research Report / RJ / IBM / San Jose, California.

[12]  Michael Stonebraker,et al.  A functional view of data independence , 1974, SIGFIDET '74.

[13]  James B. Rothnie An approach to implementing a relational data management system , 1974, SIGFIDET '74.

[14]  Donald D. Chamberlin,et al.  SEQUEL: A structured English query language , 1974, SIGFIDET '74.

[15]  W. F. King,et al.  Specifying queries as relational expressions , 1974 .