A Relational Database Integrity Framework for Access Control Policies

Romuald Thion 1 Stéphane Coulondre 1
1 BD - Base de Données
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information
Abstract : Access control is today one of the most common and versatile mechanisms used for information systems security enforcement. An access control model formally describes how to decide whether an access request should be granted or denied. Since the role-based access control initiative has been proposed in the 90s, several access control models have been studied in the literature. An access control policy is an instance of a model. It defines the set of basic facts used in the decision process. Policies must satisfy a set of constraints defined in the model, which reflect some high level organization requirements. First-order logic has been advocated for some time as a suitable framework for access control models. Many frameworks have been proposed, focusing mainly on expressing complex access control models. However, though formally expressed, constraints are not defined in a unified language that could lead to some well-founded and generic enforcement procedures. Therefore, we make a clear distinction by proposing a logical framework focusing primarily on constraints, while keeping as much as possible a unified way of expressing constraints, policies, models, and reference monitors. This framework is closely tied to relational database integrity models. We then show how to use well-founded procedures in order to enforce and check constraints. Without requiring any rewriting previous to the inference process, these procedures provide clean and intuitive debugging traces for end-users.
Type de document :
Article dans une revue
Journal of Intelligent Information Systems, Springer Verlag, 2012, 38 (1), pp.131-159. 〈10.1007/s10844-010-0146-z〉
Liste complète des métadonnées

Contributeur : Équipe Gestionnaire Des Publications Si Liris <>
Soumis le : mardi 7 mars 2017 - 10:17:15
Dernière modification le : vendredi 11 janvier 2019 - 16:53:12
Document(s) archivé(s) le : jeudi 8 juin 2017 - 12:44:14


Fichiers produits par l'(les) auteur(s)




Romuald Thion, Stéphane Coulondre. A Relational Database Integrity Framework for Access Control Policies. Journal of Intelligent Information Systems, Springer Verlag, 2012, 38 (1), pp.131-159. 〈10.1007/s10844-010-0146-z〉. 〈hal-01352933〉



Consultations de la notice


Téléchargements de fichiers