POPL '87 Proceedings of the 14th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Authorizations in relational database management systems
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Database security
Role-Based Access Control Models
Computer
An access control model supporting periodicity constraints and temporal reasoning
ACM Transactions on Database Systems (TODS)
Extending SQL's Grant and Revoke Operations, to Limit and Reactivate Privileges
Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions
Hi-index | 0.00 |
The most important aspect of security in a database after establishing the authenticity of the user is its access control mechanism. The ability of this access control mechanism to express the security policy can make or break the system.This paper introduces constraints-based access control (CBAC) - an access control mechanism that general associations between users and permissions are specified by the rules (or constraints) governing the access rights of each user. This association is not restricted to static events but can include dynamic factors as well.One of the many advantages of CBAC is that even a static CBAC is a generalisation of most of the access control mechanism in use today. We demonstrate how CBAC can efficiently simulate role-based access control (RBAC) and access control list (ACL). In fact, CBAC allows the introduction of any abstract concepts as one would do roles in RBAC. On top of that, CBAC also allows the users to specify interactions between these concepts.Any flexibile access control method usually raises concerns over its time efficiency. We advocate the use of partial solutions to the access control constraints to improve the efficiency of CBAC.