A formal framework for reflective database access control policies

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Refiectruc Database Access Control (RDBAC) is a model in which a database privilege is expressed as a database query itself. rather than as a static privilege contained in an access control list. RDBAC aids the management of database access controls by improving the expressiveness of policies. However, such policies introduce new interactions between data managed by different users, and can lead to unexpected results if not carefully written and analyzed. We propose the use of Transaction Datalog as a formal framework for expressing reflective access control policies. We demonstrate how it provides a basis for analyzing certain types of policies and enables secure implementations that can guarantee that configurations built on these policies cannot be subverted.

Original languageEnglish (US)
Title of host publicationProceedings of the 15th ACM Conference on Computer and Communications Security, CCS'08
Pages289-298
Number of pages10
DOIs
StatePublished - Dec 1 2008
Event15th ACM conference on Computer and Communications Security, CCS'08 - Alexandria, VA, United States
Duration: Oct 27 2008Oct 31 2008

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other15th ACM conference on Computer and Communications Security, CCS'08
Country/TerritoryUnited States
CityAlexandria, VA
Period10/27/0810/31/08

Keywords

  • Fine-grained access control
  • Formal safety verification
  • Reflective database access control
  • Transaction datalog

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'A formal framework for reflective database access control policies'. Together they form a unique fingerprint.

Cite this