The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
Automated derivation of global authorizations for database federations
Journal of Computer Security - Special issue on database security
Authorization specification and enforcement in federated database systems
Journal of Computer Security
Security Policies in Replicated and Autonomous Databases
Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects
Security Administration for Federations, Warehouses, and other Derived Data
Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security: Research Advances in Database and Information Systems Security
Extending SQL's Grant and Revoke Operations, to Limit and Reactivate Privileges
Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions
The secondary and approximate authorization model and its application to Bell-LaPadula policies
Proceedings of the eleventh ACM symposium on Access control models and technologies
Flooding and recycling authorizations
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Real-time data attack isolation for commercial database applications
Journal of Network and Computer Applications
Authorization recycling in RBAC systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Assessing query privileges via safe and efficient permission composition
Proceedings of the 15th ACM conference on Computer and communications security
Authorization recycling in hierarchical RBAC systems
ACM Transactions on Information and System Security (TISSEC)
Access control to materialized views: an inference-based approach
Proceedings of the 2011 Joint EDBT/ICDT Ph.D. Workshop
Authorization-Transparent access control for XML under the non-truman model
EDBT'06 Proceedings of the 10th international conference on Advances in Database Technology
Risk-based security decisions under uncertainty
Proceedings of the second ACM conference on Data and Application Security and Privacy
Hi-index | 0.00 |
We extend SQL's grant/revoke model to handle all administration of permissions in a distributed database. The key idea is to "factor" permissions into simpler decisions that can be administered separately, and for which we can devise sound inference rules. The model enables us to simplify administration via separation of concerns (between technical DBAs and domain experts), and to justify fully automated inference for some permission factors. We show how this approach would coexist with current practices based on SQL permissions.