Reflective Database Access Control (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege contained in an access control list. RDBAC aids the management of database access controls by improving the expressiveness of policies. However, such policies introduce new interactions between data managed by different users, and can lead to unexpected results if not carefully written and analyzed. We propose the use of Transaction Datalog as a formal framework for expressing reflective access control policies. We demonstrate how it provides a basis for analyzing certain types of policies and enables secure implementations that can guarantee that configurations built on these policies cannot be subverted. Categories and Subject Descriptors D.4.6 [Security and Protection]: Access Controls General Terms Security, Languages, Theory Keywords Reflective database access control, fine-grained access control, transaction datalog, forma...
Lars E. Olson, Carl A. Gunter, P. Madhusudan