Integrating security in a large distributed system
ACM Transactions on Computer Systems (TOCS)
A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
Access control for collaborative environments
CSCW '92 Proceedings of the 1992 ACM conference on Computer-supported cooperative work
Authorizations in relational database management systems
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Database security
Argos—a configurable access control system for interoperable environments
Proceedings of the ninth annual IFIP TC11 WG11.3 working conference on Database security IX : status and prospects: status and prospects
Modeling the “multipolicy machine”
NSPW '94 Proceedings of the 1994 workshop on New security paradigms
ACM Transactions on Database Systems (TODS)
An authorization mechanism for a relational database system
ACM Transactions on Database Systems (TODS)
Database Security and Integrity
Database Security and Integrity
An Extended Authorization Model for Relational Databases
IEEE Transactions on Knowledge and Data Engineering
Declarative Foundations of Secure Deductive Databases
ICDT '92 Proceedings of the 4th International Conference on Database Theory
A Model of Methods Access Authorization in Object-oriented Databases
VLDB '93 Proceedings of the 19th International Conference on Very Large Data Bases
Rights in an Object-Oriented Environment
Results of the IFIP WG 11.3 Workshop on Database Security V: Status and Prospects
Access Control in Object-Oriented Database Systems - Some Approaches and Issues
Advanced Database Systems
Protecting personal data with various granularities: a logic-based access control approach
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Ontology-Based policy specification and management
ESWC'05 Proceedings of the Second European conference on The Semantic Web: research and Applications
Data protection in distributed database systems
ISMIS'05 Proceedings of the 15th international conference on Foundations of Intelligent Systems
Decentralized semantic threat graphs
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
A modal logic for information system security
AISC '11 Proceedings of the Ninth Australasian Information Security Conference - Volume 116
Hi-index | 0.00 |
Although there are several choices of policies for protection of information, access control models have been developed for a fixed set pre-defined access control policies that are then built into the corresponding access control mechanisms. This becomes a problem, however, if the access control requirements of an application are different from the policies built into a mechanism. In most cases, the only solution is to enforce the requirements as part of the application code, but this makes verification, modification, and adequate enforcement of these policies impossible. In this paper, we propose a flexible authorization mechanism that can support different security policies. The mechanism enforces a general authorization model onto which multiple access control policies can be mapped. The model permits negative and positive authorizations, authorizations that must be strongly obeyed and authorizations that allow for exceptions, and enforces ownership together with delegation of administrative privileges.