Enforcing agile access control policies in relational databases using views

Nicolas Papernot, Patrick Drew McDaniel, Robert J. Walls

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Access control is used in databases to prevent unauthorized retrieval and tampering of stored data, as defined by policies. Various policy models provide different protections and guarantees against illegal accesses, but none is able to offer a universal fit for all access control needs. Therefore, the static nature of access control mechanisms deployed in commercial databases limit the security guarantees provided. They require time-consuming and error-prone efforts to adapt access control policies to evolving security contexts. In contrast, we propose a fully automated and agile approach to access control enforcement in relational databases. We present tractable algorithms that enforce any policy expressible using the high-level syntax of the Authorization Specification Language. This includes complex policies involving information flow control or user history dependencies. Our method does not require any modification to the database schema or user queries, thus allowing for a transparent implementation in existing systems. We demonstrate our findings by formulating two classic access control models: the Bell-LaPadula model and the Chinese Wall policy.

Original languageEnglish (US)
Title of host publication2015 IEEE Military Communications Conference, MILCOM 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages7-12
Number of pages6
ISBN (Electronic)9781509000739
DOIs
StatePublished - Dec 14 2015
Event34th Annual IEEE Military Communications Conference, MILCOM 2015 - Tampa, United States
Duration: Oct 26 2015Oct 28 2015

Publication series

NameProceedings - IEEE Military Communications Conference MILCOM
Volume2015-December

Other

Other34th Annual IEEE Military Communications Conference, MILCOM 2015
Country/TerritoryUnited States
CityTampa
Period10/26/1510/28/15

All Science Journal Classification (ASJC) codes

  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Enforcing agile access control policies in relational databases using views'. Together they form a unique fingerprint.

Cite this