TY - GEN
T1 - Enforcing agile access control policies in relational databases using views
AU - Papernot, Nicolas
AU - McDaniel, Patrick Drew
AU - Walls, Robert J.
PY - 2015/12/14
Y1 - 2015/12/14
N2 - Access control is used in databases to prevent unauthorized retrieval and tampering of stored data, as defined by policies. Various policy models provide different protections and guarantees against illegal accesses, but none is able to offer a universal fit for all access control needs. Therefore, the static nature of access control mechanisms deployed in commercial databases limit the security guarantees provided. They require time-consuming and error-prone efforts to adapt access control policies to evolving security contexts. In contrast, we propose a fully automated and agile approach to access control enforcement in relational databases. We present tractable algorithms that enforce any policy expressible using the high-level syntax of the Authorization Specification Language. This includes complex policies involving information flow control or user history dependencies. Our method does not require any modification to the database schema or user queries, thus allowing for a transparent implementation in existing systems. We demonstrate our findings by formulating two classic access control models: the Bell-LaPadula model and the Chinese Wall policy.
AB - Access control is used in databases to prevent unauthorized retrieval and tampering of stored data, as defined by policies. Various policy models provide different protections and guarantees against illegal accesses, but none is able to offer a universal fit for all access control needs. Therefore, the static nature of access control mechanisms deployed in commercial databases limit the security guarantees provided. They require time-consuming and error-prone efforts to adapt access control policies to evolving security contexts. In contrast, we propose a fully automated and agile approach to access control enforcement in relational databases. We present tractable algorithms that enforce any policy expressible using the high-level syntax of the Authorization Specification Language. This includes complex policies involving information flow control or user history dependencies. Our method does not require any modification to the database schema or user queries, thus allowing for a transparent implementation in existing systems. We demonstrate our findings by formulating two classic access control models: the Bell-LaPadula model and the Chinese Wall policy.
UR - http://www.scopus.com/inward/record.url?scp=84959266800&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84959266800&partnerID=8YFLogxK
U2 - 10.1109/MILCOM.2015.7357410
DO - 10.1109/MILCOM.2015.7357410
M3 - Conference contribution
AN - SCOPUS:84959266800
T3 - Proceedings - IEEE Military Communications Conference MILCOM
SP - 7
EP - 12
BT - 2015 IEEE Military Communications Conference, MILCOM 2015
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 34th Annual IEEE Military Communications Conference, MILCOM 2015
Y2 - 26 October 2015 through 28 October 2015
ER -