A Relational Database Integrity Framework for Access Control Policies

Romuald Thion 1 Stéphane Coulondre 1
1 BD - Base de Données
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information
Abstract: Access control is today one of the most common and versatile mechanisms used for information systems security enforcement. An access control model formally describes how to decide whether an access request should be granted or denied. Since the role-based access control initiative was proposed in the 90s, several access control models have been studied in the literature. An access control policy is an instance of a model. It defines the set of basic facts used in the decision process. Policies must satisfy a set of constraints defined in the model, which reflect some high-level organization requirements. First-order logic has been advocated for some time as a suitable framework for access control models. Many frameworks have been proposed, focusing mainly on expressing complex access control models. However, though formally expressed, constraints are not defined in a unified language that could lead to well-founded and generic enforcement procedures. Therefore, we make a clear distinction by proposing a logical framework focusing primarily on constraints, while keeping as much as possible a unified way of expressing constraints, policies, models, and reference monitors. This framework is closely tied to relational database integrity models. We then show how to use well-founded procedures in order to enforce and check constraints. Without requiring any rewriting prior to the inference process, these procedures provide clean and intuitive debugging traces for end-users.
Document type: Journal articles

https://hal.archives-ouvertes.fr/hal-01352933
Contributor: Équipe Gestionnaire Des Publications Si Liris
Submitted on: Tuesday, March 7, 2017 - 10:17:15 AM
Last modification on: Tuesday, August 20, 2019 - 3:40:07 PM
Long-term archiving on: Thursday, June 8, 2017 - 12:44:14 PM

File

Liris-4855.pdf
Files produced by the author(s)

Citation

Romuald Thion, Stéphane Coulondre. A Relational Database Integrity Framework for Access Control Policies. Journal of Intelligent Information Systems, Springer Verlag, 2012, 38 (1), pp.131-159. ⟨10.1007/s10844-010-0146-z⟩. ⟨hal-01352933⟩
