论文信息 - Protecting Personal Data with Various Granularities: A Logic-Based Access Control Approach

Protecting Personal Data with Various Granularities: A Logic-Based Access Control Approach

In this paper, we present a rule-based approach to fine-grained data-dependent access control for database systems. Authorization rules in this framework are described in a logical language that allows us to specify policies systematically and easily. The language expresses authorization rules based on the values, types, and semantics of data elements common to the relational data model. We demonstrate the applicability of our approach by describing several data-dependent policies using an example drawn from a medical information system.

[1] S. Sudarshan,et al. Extending query rewriting techniques for fine-grained access control , 2004, SIGMOD '04.

[2] Elisa Bertino,et al. A unified framework for enforcing multiple access control policies , 1997, SIGMOD '97.

[3] Elisa Bertino,et al. Supporting multiple access control policies in database systems , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[4] Ross J. Anderson,et al. A security policy model for clinical information systems , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[5] Bradford W. Wade,et al. An authorization mechanism for a relational database system , 1976, TODS.

[6] Marianne Winslett,et al. Security of shared data in large systems: state of the art and research directions , 2004, SIGMOD '04.

[7] Gail-Joon Ahn,et al. A role-based delegation framework for healthcare information systems , 2002, SACMAT '02.

[8] Jeffrey D. Ullman,et al. Principles of Database and Knowledge-Base Systems, Volume II , 1988, Principles of computer science series.

[9] Jeffrey D. Ullman,et al. Principles Of Database And Knowledge-Base Systems , 1979 .