A formal framework for reflective database access control policies

Olson, Lars E.; Gunter, Carl A.; Madhusudan, P.

doi:10.1145/1455770.1455808

Cited by 20 publications

(18 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Rosenthal et al [29] suggest that policies should be evaluated under the privilege of the query issuers rather than the policy authors. In contrast, Olson et al [30] suggest that policies should be evaluated under the privilege of the policy authors rather than the query issuers. In either approach, it is possible that predicates in policies cannot be successfully evaluated due to the lack of privileges.…”

Section: Discussionmentioning

confidence: 99%

An Access Control Language for a General Provenance Model

Xu²,

Bertino

et al. 2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Provenance access control has been recognized as one of the most important components in an enterprise-level provenance system. However, it has only received little attention in the context of data security research. One important challenge in provenance access control is the lack of an access control language that supports its specific requirements, e.g., the support of both fine-grained policies and personal preferences, and decision aggregation from different applicable policies. In this paper, we propose an access control language tailored to these requirements.

show abstract

Section: Discussionmentioning

confidence: 99%

An Access Control Language for a General Provenance Model

Xu²,

Bertino

et al. 2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The database community has also addressed the enforcement of instance-level access control policies (e.g., [12,26,20,22]). In particular, [12] extends RBAC with parameterized role templates, where the parameters of a template refer to database columns or constants and serve a similar function as our role parameters.…”

Section: Related Workmentioning

confidence: 99%

Fine-Grained Access Control with Object-Sensitive Roles

Fischer

Marino

Majumdar

et al. 2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Role-based access control (RBAC) is a common paradigm to ensure that users have sufficient rights to perform various system operations. In many cases though, traditional RBAC does not easily express application-level security requirements. For instance, in a medical records system it is difficult to express that doctors should only update the records of their own patients. Further, traditional RBAC frameworks like Java's Enterprise Edition rely solely on dynamic checks, which makes application code fragile and difficult to ensure correct. We introduce Object-sensitive RBAC (ORBAC), a generalized RBAC model for object-oriented languages. ORBAC resolves the expressiveness limitations of RBAC by allowing roles to be parameterized by properties of the business objects being manipulated. We formalize and prove sound a dependent type system that statically validates a program's conformance to an ORBAC policy. We have implemented our type system for Java and have used it to validate fine-grained access control in the OpenMRS medical records system.

show abstract

“…Reflective Database Access Control (RDBAC) is an access control model that addresses this problem [16]. We define a policy as reflective when it depends on data contained in other parts of the database.…”

Section: Introductionmentioning

confidence: 99%

“…This type of security policy is not available in transaction managers for general-purpose databases, and must be enforced at the application level. We chose to use TD due to its formal semantics that enable provable security properties for certain policies [16]. Similar compilation strategies applied to other more common policy languages, such as XACML [15], could be implemented.…”

Section: Introductionmentioning

confidence: 99%

“…However, this autonomy comes at a price. We have shown that careless definitions of reflective policies can be vulnerable to a Trojan Horse attack if untrusted users are also allowed to define policies [16]. This problem can easily be mitigated using TD-based policies by restricting a policy definer from performing any operations beyond what that user can perform manually: we simply make the user's ID an explicit parameter to all view predicates, and for all predicates in the body of a policy, that parameter is bound to the ID of the policy definer, thereby executing the policy under the policy definer's privileges.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Implementing Reflective Access Control in SQL

Olson

Gunter

Cook

et al. 2009

Data and Applications Security XXIII

Self Cite

View full text Add to dashboard Cite

Abstract. Reflective Database Access Control (RDBAC)is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege in an access control matrix. RDBAC aids the management of database access controls by improving the expressiveness of policies. The Transaction Datalog language provides a powerful syntax and semantics for expressing RDBAC policies, however there is no efficient implementation of this language for practical database systems. We demonstrate a strategy for compiling policies in Transaction Datalog into standard SQL views that enforce the policies, including overcoming significant differences in semantics between the languages in handling side-effects and evaluation order. We also report the results of evaluating the performance of these views compared to policies enforced by access control matrices. This implementation demonstrates the practical feasibility of RDBAC, and suggests a rich field of further research.

show abstract

A formal framework for reflective database access control policies

Cited by 20 publications

References 32 publications

An Access Control Language for a General Provenance Model

An Access Control Language for a General Provenance Model

Fine-Grained Access Control with Object-Sensitive Roles

Implementing Reflective Access Control in SQL

Contact Info

Product

Resources

About