Sciweavers

CCS
2008
ACM

A formal framework for reflective database access control policies

14 years 2 months ago
A formal framework for reflective database access control policies
Reflective Database Access Control (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege contained in an access control list. RDBAC aids the management of database access controls by improving the expressiveness of policies. However, such policies introduce new interactions between data managed by different users, and can lead to unexpected results if not carefully written and analyzed. We propose the use of Transaction Datalog as a formal framework for expressing reflective access control policies. We demonstrate how it provides a basis for analyzing certain types of policies and enables secure implementations that can guarantee that configurations built on these policies cannot be subverted. Categories and Subject Descriptors D.4.6 [Security and Protection]: Access Controls General Terms Security, Languages, Theory Keywords Reflective database access control, fine-grained access control, transaction datalog, forma...
Lars E. Olson, Carl A. Gunter, P. Madhusudan
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where CCS
Authors Lars E. Olson, Carl A. Gunter, P. Madhusudan
Comments (0)