Attribute-Based Access Control (ABAC) based on XACML can substantially improve the security and management of access rights on databases. However, existing implementations rely on high-level policy interpretation and are not as efficient as mechanisms natively supported by commodity databases. In this paper we explore the advantages and challenges that arise from compiling XACML policies for database access into Access Control Lists (ACLs) natively supported by the database. The main contributions are an architecture and algorithms for efficiently addressing incremental changes in attributes that could trigger changes to the ACLs. We consider this in the context of reflective database access control, where the attributes used in access decisions are stored in the database itself. Our implementation and experiments demonstrate a significant improvement in access decision times compared to the best available optimizations for general XACML access engines.