Abstract
Privileges in standard SQL are unconditional, forcing the grantor to trust the recipient’s discretion completely. We propose an extension to the SQL grant/revoke security model that allows a grantor to impose limitations on how the received privilege may be used. This extension also has a non-traditional implication for view security. Although our examples are from DBMSs, most results apply to arbitrary sets of privileges, in non-database software.
Copyright information
© 2002 Kluwer Academic Publishers
About this chapter
Cite this chapter
Rosenthal, A., Sciore, E. (2002). Extending SQL’s Grant Operation to Limit Privileges. In: Thuraisingham, B., van de Riet, R., Dittrich, K.R., Tari, Z. (eds) Data and Application Security. IFIP International Federation for Information Processing, vol 73. Springer, Boston, MA. https://doi.org/10.1007/0-306-47008-X_19
DOI: https://doi.org/10.1007/0-306-47008-X_19
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7514-2
Online ISBN: 978-0-306-47008-0
eBook Packages: Springer Book Archive