An amateur's introduction to recursive query processing strategies
SIGMOD '86 Proceedings of the 1986 ACM SIGMOD international conference on Management of data
Concepts and experiments in computational reflection
OOPSLA '87 Conference proceedings on Object-oriented programming systems, languages and applications
Datalog extensions for database queries and updates
Journal of Computer and System Sciences
ACM Transactions on Programming Languages and Systems (TOPLAS)
Modular stratification and magic sets for Datalog programs with negation
Journal of the ACM (JACM)
Workflow, transactions and datalog
PODS '99 Proceedings of the eighteenth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
An authorization mechanism for a relational database system
ACM Transactions on Database Systems (TODS)
The Semantics of Predicate Logic as a Programming Language
Journal of the ACM (JACM)
Logic and Databases: A Deductive Approach
ACM Computing Surveys (CSUR)
Protection in operating systems
Communications of the ACM
Policy-directed certificate retrieval
Software—Practice & Experience
Extending SQL's Grant and Revoke Operations, to Limit and Reactivate Privileges
Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions
SD3: A Trust Management System with Certified Evaluation
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Extending Relational Database Systems to Automatically Enforce Privacy Policies
ICDE '05 Proceedings of the 21st International Conference on Data Engineering
On Safety in Discretionary Access Control
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Policy-driven reflective enforcement of security policies
Proceedings of the 2006 ACM symposium on Applied computing
Redundancy and information leakage in fine-grained access control
Proceedings of the 2006 ACM SIGMOD international conference on Management of data
Using Attribute-Based Access Control to Enable Attribute-Based Messaging
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
A posteriori compliance control
Proceedings of the 12th ACM symposium on Access control models and technologies
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Limiting disclosure in hippocratic databases
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Instance-level access control for business-to-business electronic commerce
IBM Systems Journal
Implementing Reflective Access Control in SQL
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Fine-Grained Access Control with Object-Sensitive Roles
Genoa Proceedings of the 23rd European Conference on ECOOP 2009 --- Object-Oriented Programming
An Access Control Language for a General Provenance Model
SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management
A medical database case study for reflective database access control
Proceedings of the first ACM workshop on Security and privacy in medical and home-care systems
Attribute-Based Messaging: Access Control and Confidentiality
ACM Transactions on Information and System Security (TISSEC)
Access control to materialized views: an inference-based approach
Proceedings of the 2011 Joint EDBT/ICDT Ph.D. Workshop
Diesel: applying privilege separation to database access
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Declarative privacy policy: finite models and attribute-based encryption
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
AccKW: an efficient access control scheme for keyword-based search over RDBMS
DNIS'10 Proceedings of the 6th international conference on Databases in Networked Information Systems
Integrating trust management and access control in data-intensive Web applications
ACM Transactions on the Web (TWEB)
PlexC: a policy language for exposure control
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Fine-grained disclosure control for app ecosystems
Proceedings of the 2013 ACM SIGMOD International Conference on Management of Data
| Hi-index | 0.00 |
Reflective Database Access Control (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege contained in an access control list. RDBAC aids the management of database access controls by improving the expressiveness of policies. However, such policies introduce new interactions between data managed by different users, and can lead to unexpected results if not carefully written and analyzed. We propose the use of Transaction Datalog as a formal framework for expressing reflective access control policies. We demonstrate how it provides a basis for analyzing certain types of policies and enables secure implementations that can guarantee that configurations built on these policies cannot be subverted.