Abstract
We extend SQL’s grant/revoke model to handle all administration of permissions in a distributed database. The key idea is to “factor” permissions into simpler decisions that can be administered separately, and for which we can devise sound inference rules. The model enables us to simplify administration via separation of concerns (between technical DBAs and domain experts), and to justify fully automated inference for some permission factors. We show how this approach would coexist with current practices based on SQL permissions.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35587-0_24
Copyright information
© 2002 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Rosenthal, A., Sciore, E. (2002). Administering Permissions for Distributed Data: Factoring and Automated Inference. In: Olivier, M.S., Spooner, D.L. (eds) Database and Application Security XV. IFIP — The International Federation for Information Processing, vol 87. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35587-0_7
DOI: https://doi.org/10.1007/978-0-387-35587-0_7
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-1028-1
Online ISBN: 978-0-387-35587-0
eBook Packages: Springer Book Archive