Abstract
Over the last several years, sophisticated access control models have been proposed to take into account different dimensions such as time, space, role, context, attribute, etc. These enable specification of fine-grained access control policies that can better express evolving organizational needs. However, there is no comprehensive solution that can uniformly specify, evaluate, maintain and analyze this multitude of policies in a consistent fashion. In this paper, we show that specifying and enforcing access control policies of multiple granularities and dimensions can be transformed into the problem of storing and querying data at multiple granularities and dimensions. Specifically, we develop a unified schema to represent several standard access control policies and show how they can be automatically evaluated. We have implemented the system in Oracle, and evaluated its scalability.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Singh, M.P., Sural, S., Atluri, V., Vaidya, J., Yakub, U. (2015). Managing Multi-dimensional Multi-granular Security Policies Using Data Warehousing. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science(), vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_15
DOI: https://doi.org/10.1007/978-3-319-25645-0_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25644-3
Online ISBN: 978-3-319-25645-0
eBook Packages: Computer Science, Computer Science (R0)