Journal Article

A temporal access control mechanism for database systems

TL;DR: A discretionary access control model in which authorizations contain temporal intervals of validity is presented, together with an approach based on establishing an ordering among authorizations and derivation rules, which guarantees a unique set of valid authorizations.
Abstract: 
The paper presents a discretionary access control model in which authorizations contain temporal intervals of validity. An authorization is automatically revoked when the associated temporal interval expires. The proposed model provides rules for the automatic derivation of new authorizations from those explicitly specified. Both positive and negative authorizations are supported. A formal definition of those concepts is presented, together with the semantic interpretation of authorizations and derivation rules as clauses of a general logic program. Issues deriving from the presence of negative authorizations are discussed. We also allow negation in rules: it is possible to derive new authorizations on the basis of the absence of other authorizations. The presence of this type of rule may lead to the generation of different sets of authorizations, depending on the evaluation order. An approach is presented, based on establishing an ordering among authorizations and derivation rules, which guarantees a unique set of valid authorizations. Moreover, we give an algorithm detecting whether such an ordering can be established for a given set of authorizations and rules. Administrative operations for adding, removing, or modifying authorizations and derivation rules are presented, and efficiency issues related to these operations are also tackled in the paper. A materialization approach is proposed, allowing access control to be performed efficiently.


Citations
Journal Article

Flexible support for multiple access control policies

TL;DR: A unified framework that can enforce multiple access control policies within a single system and be enforced by the same security server is presented, based on a language through which users can specify security policies to be enforced on specific accesses.
Proceedings Article

A logical language for expressing authorizations

TL;DR: This paper proposes a logical language for the specification of authorizations and illustrates the power of the language by showing how different constraints that are sometimes required, but very seldom supported by existing access control systems, can be represented in the language.
Proceedings Article

Securing context-aware applications using environment roles

TL;DR: By introducing environment roles, this work creates a uniform access control framework that can be used to secure context-aware applications and presents a security architecture that supports security policies that make use of environment roles to control access to resources.
Proceedings Article

A unified framework for enforcing multiple access control policies

TL;DR: This paper presents a flexible authorization manager (FAM) that can enforce multiple access control policies within a single, unified system and formally defines the language and properties required to hold on the security specifications and proves that this language can express all security specifications.
Journal Article

Security models for web-based applications

TL;DR: Using traditional and emerging access control approaches to develop secure applications for the Web with a focus on mobile devices.
References
Proceedings Article

The stable model semantics for logic programming

TL;DR: This paper introduces a succinct abstract representation of constraint atoms in which a constraint atom is represented compactly and shows that this representation provides a means to characterize dependencies of atoms in a program with constraint atoms, so that some standard characterizations and properties relying on these dependencies in the past for logic programs with ordinary atoms can be extended.
Journal Article

The well-founded semantics for general logic programs

TL;DR: It is shown that the class of programs possessing a total well-founded model properly includes previously studied classes of "stratified" and "locally stratified" programs, and is compared with other proposals in the literature.

Kerberos: An Authentication Service for Open Network Systems

TL;DR: An overview of the Kerberos authentication model as implemented for MIT's Project Athena is given, which describes the protocols used by clients, servers, and Kerberos to achieve authentication.
Proceedings Article

Maintaining views incrementally

TL;DR: A counting algorithm that tracks the number of alternative derivations (counts) for each derived tuple in a view, and shows that the count for a tuple can be computed at little or no cost above the cost of deriving the tuple.
Journal Article

A calculus for access control in distributed systems

TL;DR: This work provides a logical language for access control lists and theories for deciding whether requests should be granted, and studies some of the concepts, protocols, and algorithms for access control in distributed systems from a logical perspective.