An authorization model is presented, applicable to a shared data base with well-defined data structures. Access to this data base is made through a high-level language, which is extended to permit data manipulation and to provide data views for different applications. The authorization model includes: 1) the explicit introduction of the concept of application into the definition of user rights; and 2) the use of predicates that can depend on any data in the system to control access at the data field level. Enforcement of authorization is distributed over time (mostly at compile time), and uses the view mechanism to make the application program's data requests evident; these requests are checked by a centralized procedure that consults the access matrix. The system is shown to provide comprehensive authorization, including implementation of levels and compartments, special access restrictions, and content-dependent, context-dependent and functional access.