TY - GEN
T1 - A formal framework for reflective database access control policies
AU - Olson, Lars E.
AU - Gunter, Carl A.
AU - Madhusudan, P.
N1 - Funding Information:
The study is supported by 1. Chinese Academy of Medical Sciences Research Unit (No. 2019RU056), Shanghai Jiao Tong University, CAMS Innovation Fund for Medical Sciences (CIFMS) (No. 2019-I2M-5-064) and Shanghai Municipal Key Clinical Specialty, Shanghai, China; 2. Translational Medicine Cross Research Fund, School of Medicine, Shanghai Jiao Tong University (CN), Award No. ZH2018ZDA32.
PY - 2008
Y1 - 2008
N2 - Reflective Database Access Control (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege contained in an access control list. RDBAC aids the management of database access controls by improving the expressiveness of policies. However, such policies introduce new interactions between data managed by different users, and can lead to unexpected results if not carefully written and analyzed. We propose the use of Transaction Datalog as a formal framework for expressing reflective access control policies. We demonstrate how it provides a basis for analyzing certain types of policies and enables secure implementations that can guarantee that configurations built on these policies cannot be subverted.
AB - Reflective Database Access Control (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege contained in an access control list. RDBAC aids the management of database access controls by improving the expressiveness of policies. However, such policies introduce new interactions between data managed by different users, and can lead to unexpected results if not carefully written and analyzed. We propose the use of Transaction Datalog as a formal framework for expressing reflective access control policies. We demonstrate how it provides a basis for analyzing certain types of policies and enables secure implementations that can guarantee that configurations built on these policies cannot be subverted.
KW - Fine-grained access control
KW - Formal safety verification
KW - Reflective database access control
KW - Transaction datalog
UR - http://www.scopus.com/inward/record.url?scp=69949149767&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=69949149767&partnerID=8YFLogxK
U2 - 10.1145/1455770.1455808
DO - 10.1145/1455770.1455808
M3 - Conference contribution
AN - SCOPUS:69949149767
SN - 9781595938107
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 289
EP - 298
BT - Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS'08
T2 - 15th ACM conference on Computer and Communications Security, CCS'08
Y2 - 27 October 2008 through 31 October 2008
ER -