Abstract
We show how specifications of role-based access control (RBAC) and temporal role-based access control (TRBAC) policies in a logic language may be used in practical implementations of access control policies for protecting the information in SQL databases from unauthorized retrieval and update requests. Performance results for an implementation of a variety of RBAC policies for protecting an SQL database, and some optimization methods that may be used in implementations, are described.
Copyright information
© 2004 Springer Science + Business Media, Inc.
About this chapter
Cite this chapter
Barker, S., Douglas, P. (2004). RBAC Policy Implementation for SQL Databases. In: De Capitani di Vimercati, S., Ray, I., Ray, I. (eds) Data and Applications Security XVII. IFIP International Federation for Information Processing, vol 142. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8070-0_21
DOI: https://doi.org/10.1007/1-4020-8070-0_21
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8069-2
Online ISBN: 978-1-4020-8070-8
eBook Packages: Springer Book Archive