An authorization model for a shared data base

Authors:
E. B. Fernández;R. C. Summers;C. D. Coleman
Affiliations:
IBM Los Angeles Scientific Center, Los Angeles, California;IBM Los Angeles Scientific Center, Los Angeles, California;IBM Los Angeles Scientific Center, Los Angeles, California
Venue:
SIGMOD '75 Proceedings of the 1975 ACM SIGMOD international conference on Management of data
Year:
1975

Citing 5
Cited 12

On the implementation of security measures in information systems

Communications of the ACM
A relational model of data for large shared data banks

Communications of the ACM
Correctness in access control

ACM '73 Proceedings of the ACM annual conference
Access control in a relational data base management system by query modification

ACM '74 Proceedings of the 1974 annual conference - Volume 1
PRIMARY ACCESS CONTROL IN LARGE-SCALE TIME-SHARED DECISION SYSTEMS

PRIMARY ACCESS CONTROL IN LARGE-SCALE TIME-SHARED DECISION SYSTEMS

A model of authorization for next-generation database systems

ACM Transactions on Database Systems (TODS)
Database security

ACM SIGMOD Record - Directions for future database research & development
A transformational grammar-based query processor for access control in a planning system

ACM Transactions on Database Systems (TODS)
A Comparison of the Relational and CODASYL Approaches to Data-Base Management

ACM Computing Surveys (CSUR)
A system architecture for compile-time actions in databases

ACM '77 Proceedings of the 1977 annual conference
Definition and evaluation of access rules in data management systems

VLDB '75 Proceedings of the 1st International Conference on Very Large Data Bases
A Kernel design for a secure data base management system

VLDB '77 Proceedings of the third international conference on Very large data bases - Volume 3
Decentralized authorization in a database system

VLDB '79 Proceedings of the fifth international conference on Very Large Data Bases - Volume 5
Patterns for session-based access control

Proceedings of the 2006 conference on Pattern languages of programs
Patterns and Pattern Diagrams for Access Control

TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Integrity aspects of a shared data base

AFIPS '76 Proceedings of the June 7-10, 1976, national computer conference and exposition
Data base security: requirements, policies, and models

IBM Systems Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

An authorization model is presented, applicable to a shared data base with well defined data structures. Access to this data base is made through a high level language, which is extended to permit data manipulation and to provide data views for different applications. The authorization model includes: 1) the explicit introduction of the concept of application into the definition of user rights; and 2) the use of predicates that can depend on any data in the system to control access at the data field level. Enforcement of authorization is distributed along time (mostly at compile time), and uses the view mechanism to make evident the application program data requests, which are checked by a centralized procedure that consults the access matrix. The system is shown to provide comprehensive authorization, including implementation of levels and compartments, special access restrictions, content-dependent, context-dependent and functional access.