Concurrent and Real-Time Update of Access Control Policies
- 491 Downloads
Access control policies are security policies that govern access to resources. Real-time update of access control policies, that is, updating policies while they are in effect and enforcing the changes immediately, is necessary for many security-critical applications. In this paper, we consider real-time update of access control policies in a database system. We consider an environment in which different kinds of transactions execute concurrently some of which are policy update transactions. Updating policy objects while they are deployed can lead to potential security problems. We propose two algorithms that not only prevent such security problems, but also ensure serializable execution of transactions. The algorithms differ on the degree of concurrency provided.
KeywordsSecurity Policy Policy Object Concurrency Control Access Control Policy Access Privilege
Unable to display preview. Download preview PDF.
- 3.Bernstein, P.A., Hadzilacos, V., Goodman, N.: Concurrency Control and Recovery in Database Systems. Addison-Wesley, Reading (1987)Google Scholar
- 4.Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language. In: Proceedings of the Policy Workshop, Bristol, U.K. (January 2001)Google Scholar
- 5.Damianou, N., Tonouchi, T., Dulay, N., Lupu, E., Sloman, M.: Tools for Domain-based Policy Management of Distributed Systems. In: Proceedings of the IEEE/IFIP Network Operations and Management Symposium, Florence, Italy (April 2002)Google Scholar
- 6.Damianou, N.C.: A Policy Framework for Management of Distributed Systems. PhD thesis, Imperial College of Science, Technology and Medicine, University of London, London, U.K. (2002)Google Scholar
- 7.Thomas Haigh, J., et al.: Assured Service Concepts and Models: Security in Distributed Systems. Technical Report RL-TR-92-9, Rome Laboratory, Air Force Material Command, Rome, NY (January 1992)Google Scholar
- 12.Schneider, E.A., Kalsow, W., TeWinkel, L., Carney, M.: Experimentation with Adaptive Security Policies. Technical Report RL-TR-96-82, Rome Laboratory, Air Force Material Command, Rome, NY (June 1996)Google Scholar
- 13.Schneider, E.A., Weber, D.G., de Groot, T.: Temporal Properties of Distributed Systems. Technical Report RADC-TR-89-376, Rome Air Development Center, Rome, NY (September 1989)Google Scholar