A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
An authorization mechanism for a relational database system
ACM Transactions on Database Systems (TODS)
Distributed Database Systems
An Extended Authorization Model for Relational Databases
IEEE Transactions on Knowledge and Data Engineering
Resolving Conflicts in Authorization Delegations
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
Supporting multiple access control policies in database systems
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Hi-index | 0.01 |
In this paper, we propose an authorization model for distributed databases. Multiple object granularity of authorizations, such as global relations, fragments and attributes, are supported. Administrative privilege can be delegated from one subject to another to provide decentralized authorization administration. Authorization propagations along both the relation fragmentation tree and the subject group-subgroup hierarchical tree are also considered. Further more, conflict resolution policy is provided that supports well controlled delegations and exceptions. Overall the system provides a very flexible framework for specifying and evaluating the authorizations in distributed database systems.