Concurrent and Real-Time Update of Access Control Policies

  • Indrakshi Ray
  • Tai Xin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2736)


Access control policies are security policies that govern access to resources. Real-time update of access control policies, that is, updating policies while they are in effect and enforcing the changes immediately, is necessary for many security-critical applications. In this paper, we consider real-time update of access control policies in a database system. We consider an environment in which different kinds of transactions execute concurrently some of which are policy update transactions. Updating policy objects while they are deployed can lead to potential security problems. We propose two algorithms that not only prevent such security problems, but also ensure serializable execution of transactions. The algorithms differ on the degree of concurrency provided.


Security Policy Policy Object Concurrency Control Access Control Policy Access Privilege 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ammann, P., Jajodia, S., Ray, I.: Applying Formal Methods to Semantic-Based Decomposition of Transactions. ACM Transactions on Database Systems 22(2), 215–254 (1997)CrossRefGoogle Scholar
  2. 2.
    Badrinath, B.R., Ramamritham, K.: Semantics-based concurrency control: Beyond commutativity. ACM Transactions on Database Systems 17(1), 163–199 (1992)CrossRefGoogle Scholar
  3. 3.
    Bernstein, P.A., Hadzilacos, V., Goodman, N.: Concurrency Control and Recovery in Database Systems. Addison-Wesley, Reading (1987)Google Scholar
  4. 4.
    Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language. In: Proceedings of the Policy Workshop, Bristol, U.K. (January 2001)Google Scholar
  5. 5.
    Damianou, N., Tonouchi, T., Dulay, N., Lupu, E., Sloman, M.: Tools for Domain-based Policy Management of Distributed Systems. In: Proceedings of the IEEE/IFIP Network Operations and Management Symposium, Florence, Italy (April 2002)Google Scholar
  6. 6.
    Damianou, N.C.: A Policy Framework for Management of Distributed Systems. PhD thesis, Imperial College of Science, Technology and Medicine, University of London, London, U.K. (2002)Google Scholar
  7. 7.
    Thomas Haigh, J., et al.: Assured Service Concepts and Models: Security in Distributed Systems. Technical Report RL-TR-92-9, Rome Laboratory, Air Force Material Command, Rome, NY (January 1992)Google Scholar
  8. 8.
    Garcia-Molina, H.: Using semantic knowledge for transaction processing in a distributed database. ACM Transactions on Database Systems 8(2), 186–213 (1983)CrossRefGoogle Scholar
  9. 9.
    Herlihy, M.P., Weihl, W.E.: Hybrid concurrency control for abstract data types. Journal of Computer and System Sciences 43(1), 25–61 (1991)zbMATHCrossRefGoogle Scholar
  10. 10.
    Korth, H.F., Speegle, G.: Formal aspects of concurrency control in long-ouration transaction systems using the NT/PV model. ACM Transactions on Database Systems 19(3), 492–535 (1994)CrossRefGoogle Scholar
  11. 11.
    Lynch, N.A.: Multilevel atomicity –A new correctness criterion for database concurrency control. ACM Transactions on Database Systems 8(4), 484–502 (1983)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Schneider, E.A., Kalsow, W., TeWinkel, L., Carney, M.: Experimentation with Adaptive Security Policies. Technical Report RL-TR-96-82, Rome Laboratory, Air Force Material Command, Rome, NY (June 1996)Google Scholar
  13. 13.
    Schneider, E.A., Weber, D.G., de Groot, T.: Temporal Properties of Distributed Systems. Technical Report RADC-TR-89-376, Rome Air Development Center, Rome, NY (September 1989)Google Scholar
  14. 14.
    Thomasian, A.: Concurrency Control: Methods, Performance and Analysis. ACM Computing Surveys 30(1), 70–119 (1998)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Indrakshi Ray
    • 1
  • Tai Xin
    • 1
  1. 1.Department of Computer ScienceColorado State University 

Personalised recommendations