Trust Management and Trust Negotiation in an Extension of SQL

  • Scott D. Stoller
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5474)


Security policies of large organizations cannot be expressed in the access control policy language defined by the SQL standard and provided by widely used relational database systems, because that language does not support the decentralized policies that are common in large organizations. Trust management frameworks support decentralized policies but generally have not been designed to integrate conveniently with databases. This paper describes a trust management framework for relational databases. Specifically, this paper describes a SQL-based policy language with support for certificate discovery and trust negotiation, a portable system architecture, and a large case study based on an existing realistic policy for electronic health records.


Policy Language; Electronic Health Record; Trust Management; Electronic Health Record System; Release Policy
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Scott D. Stoller, Computer Science Dept., Stony Brook University, Stony Brook, USA
