Implementing Reflective Access Control in SQL

Authors

  • Lars E. Olson
  • Carl A. Gunter
  • William R. Cook
  • Marianne Winslett
Abstract

Reflective Database Access Control (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege in an access control matrix. RDBAC aids the management of database access controls by improving the expressiveness of policies. The Transaction Datalog language provides a powerful syntax and semantics for expressing RDBAC policies; however, there is no efficient implementation of this language for practical database systems. We demonstrate a strategy for compiling policies in Transaction Datalog into standard SQL views that enforce the policies, including overcoming significant differences in semantics between the languages in handling side-effects and evaluation order. We also report the results of evaluating the performance of these views compared to policies enforced by access control matrices. This implementation demonstrates the practical feasibility of RDBAC, and suggests a rich field of further research.

Similar resources

Fine-Grained Data Security in Virtual Organizations

Controlling the access to data based on user credentials is a fundamental part of database management systems. In most cases, the level at which information is controlled extends only to a certain level of granularity. In some scenarios, however, there is a requirement to control access in a more granular way, allowing the users to see only the data they are supposed to see in a database table. ...

SARDANA: an All-optical Access-metro WDM/TDM-PON

A new optical access network, named “Scalable Advanced Ring-based passive Dense Access Network Architecture” (SARDANA), is presented. It transparently integrates WDM metro and TDM PON access technologies, implementing ring protection, 100 km reach and up to 1024 users served at 10 Gb/s, with passive highly-shared infrastructure. The introduced innovations are hybrid ring/tree WDM/TDM Passive Op...

EFL Pre-service Teachers’ Concerns: A Reflective Practice

Central to the spirit of reflective teaching is the ability to focus critically on one’s own beliefs, cognitions, and concerns. Numerous proposals have been developed for implementing reflective practices in pre-service teacher education contexts with the aim of producing highly competent reflective teachers. However, it is imperative to identify the candidates’ beliefs and knowledge base befor...

Dynamic Meta-level Access Control in SQL

Standard SQL is insufficiently expressive for representing many access control policies that are needed in practice. Nevertheless, we show how rich forms of access control policies can be defined within SQL when small amounts of contextual information are available to query evaluators. Rather than the standard, relational structure perspective that has been adopted for fine-grained access contr...

Authentication and Access Control in Multi-agent Systems

In a multi-agent system dedicated to personal task management, information and resources within the system are usually sensitive and should be accessible by a limited set of people. Some unique properties of such systems raise new engineering challenges for the design and implementation of security and access control mechanisms: interpretations of information by different agents may have differ...

Publication date: 2009