Propagation of authorizations in distributed database systems

Authors:
Pierangela Samarati;Paul Ammann;Sushil Jajodia
Affiliations:
Dipartimento di Scienze dell'Informazione, Università di Milano, Via Comelico, 39/41, 20135 Milano, Italy;Center for Secure Information Systems, Department of Information and Software Systems Engineering, George Mason University, Fairfax, VA;The MITRE Corporation, MC Lean, Va
Venue:
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Year:
1994

Citing 15
Cited 2

Optimistic recovery in distributed systems

ACM Transactions on Computer Systems (TOCS)
Consistency in a partitioned network: a survey

ACM Computing Surveys (CSUR)
Designing a global name service

PODC '86 Proceedings of the fifth annual ACM symposium on Principles of distributed computing
Concurrency control and recovery in database systems

Concurrency control and recovery in database systems
Epidemic algorithms for replicated database maintenance

PODC '87 Proceedings of the sixth annual ACM Symposium on Principles of distributed computing
Using histories to implement atomic objects

ACM Transactions on Computer Systems (TOCS)
Dynamic voting algorithms for maintaining the consistency of a replicated database

ACM Transactions on Database Systems (TODS)
Providing high availability using lazy replication

ACM Transactions on Computer Systems (TOCS)
Hybrid concurrency control for abstract data types

Proceedings of the seventh ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
On an authorization mechanism

ACM Transactions on Database Systems (TODS)
An authorization mechanism for a relational database system

ACM Transactions on Database Systems (TODS)
Grapevine: an exercise in distributed computing

Communications of the ACM
Time, clocks, and the ordering of events in a distributed system

Communications of the ACM
Sacrificing serializability to attain high availability of data in an unreliable network

PODS '82 Proceedings of the 1st ACM SIGACT-SIGMOD symposium on Principles of database systems
Efficient solutions to the replicated log and dictionary problems

PODC '84 Proceedings of the third annual ACM symposium on Principles of distributed computing

An authorization model for temporal and derived data: securing information portals

ACM Transactions on Information and System Security (TISSEC)
An Authorization Model for Geospatial Data

IEEE Transactions on Dependable and Secure Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

We consider the propagation of authorizations in distributed database systems. If no constraints are imposed on the propagation of authorization changes, then the authorization states at different sites may evolve inconsistently. A standard solution is to suppress the distributed aspect and make all changes appear as if they had occurred in some serial order at a single site, perhaps via an atomic commit protocol. However, rigid insistence on consistency may result in authorization changes being needlessly delayed, a problem exacerbated in the context of site or communication failures. We propose an optimistic authorization propagation algorithm. We specify an authorization table and a set of operations for altering the authorization table. Each site maintains a log of authorization operations. We exploit the semantics of authorization operations to avoid relying on an undo-redo mechanism for processing out of order operations. Instead we give efficient, direct algorithms to scan the log and update the authorization table. Any inconsistencies in replicas of the authorization table are transient and are eliminated by further communication between sites. We discuss pruning the authorization log.