Skip to main content
SpringerLink
Log in

Recent Advances in Access Control

  • Chapter
Handbook of Database Security

Summary

Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. Traditional access control models and languages result limiting for emerging scenarios, whose open and dynamic nature requires the development of new ways of enforcing access control. Access control is then evolving with the complex open environments that it supports, where the decision to grant an access may depend on the properties (attributes) of the requestor rather than her dentity and where the access control restrictions to be enforced may come from different authorities. These issues pose several new challenges to the design and implementation of access control systems. In this chapter, we present the emerging trends in the access control field to address the new needs and desiderata of today’s systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Hacigümüs, H., Iyer, B., Mehrotra, S., Li, C.: Executing SQL over encrypted data in the database-service-provider model. In: Proc. of the ACM SIGMOD 2002, Madison, Wisconsin, USA (2002)

    Google Scholar 

  2. Hacigümüs, H., Iyer, B., Mehrotra, S.: Providing database as a service. In: Proc. of 18th International Conference on Data Engineering, San Jose, California, USA (2002)

    Google Scholar 

  3. Damiani, E., De Capitani di Vimercati, S., Jajodia, S., Paraboschi, S., Samarati, P.: Balancing confidentiality and efficiency in untrusted relational DBMSs. In: Proc. of the 10th ACM Conference on Computer and Communications Security (CCS03), Washington, DC, USA (2003)

    Google Scholar 

  4. Graham, G., Denning, P.: Protection- principles and practice. In: Proc. of the Spring Jt. Computer Conference. Volume 40., Montvale, NJ, USA (1972) 417–429

    Google Scholar 

  5. Harrison, M., Ruzzo, W., Ullman, J.: Protection in operating systems. Communications of the SCM 19(8) (August 1976) 461–471

    Article  MATH  MathSciNet  Google Scholar 

  6. Lampson, B.W.: Protection. ACM Operating Systems Review 8(1) (January 1974) 18–24

    Article  Google Scholar 

  7. Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.: Flexible support for multiple access control policies. ACM Transaction on Database Systems 26(2) (June 2001) 214–260

    Article  MATH  Google Scholar 

  8. Lunt, T.: Access control policies: Some unanswered questions. In: Proc. of IEEE Computer Security Foundations Workshop II, Franconia, New Hampshire (1988)

    Google Scholar 

  9. Sandhu, R.: Lattice-based access control models. IEEE Computer 26(11) (1993) 9–19

    Google Scholar 

  10. Bell, D., La Padula, L.: Secure computer systems: A mathematical model. Technical Report MTR-2547, Vol 2, MITRE Corp., Bedford, MA (November 1973)

    Google Scholar 

  11. Bell, D., La Padula, L.: Secure computer systems: Mathematical foundations. Technical Report MTR-2547, Vol 1, MITRE Corp., Bedford, MA (November 1973)

    Google Scholar 

  12. Bell, D., La Padula, L.: Secure computer systems: A refinement of the mathematical model. Technical Report MTR-2547, Vol 3, MITRE Corp., Bedford, MA (April 1974)

    Google Scholar 

  13. Bell, D., La Padula, L.: Secure computer systems: Unified exposition and multics interpretation. Technical Report MTR-2997, Vol 4, MITRE Corp., Bedford, MA (July 1975)

    Google Scholar 

  14. Biba, K.J.: Integrity considerations for secure computer systems. MTR-3153 rev., MITRE Corp., Vol 1, Bedford, MA (April 1977)

    Google Scholar 

  15. Samarati, P., De Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In Focardi, R., Gorrieri, R., eds.: Foundations of Security Analysis and Design. LNCS 2171. Springer-Verlag (2001)

    Google Scholar 

  16. McLean, J.: Security models. In Marciniak, J., ed.: Encyclopedia of Software Engineering. John Wiley & Sons (1994)

    Google Scholar 

  17. Ferraiolo, D., Kuhn, D.: Role-based access control. In: Proc. of the 15th National Computer Security Conference. (1992)

    Google Scholar 

  18. Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-based access control models. IEEE Computer 29(2) (1996) 38–47

    Google Scholar 

  19. Security and trust management (2005) http://www.ercim.org/publication/Ercim_News/enw63/.

    Google Scholar 

  20. Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proc. of the 17th Symposium on Security and Privacy, Oakland, California, USA (May 1996)

    Google Scholar 

  21. Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.: The KeyNote Trust Management System (Version 2). Internet RFC 2704 edn. (1999)

    Google Scholar 

  22. Bonatti, P., Samarati, P.: A unified framework for regulating access and information release on the web. Journal of Computer Security 10(3) (2002) 241–272

    Google Scholar 

  23. Irwin, K., Yu, T.: Preventing attribute information leakage in automated trust negotiation. In: Proc. of the 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA (2005)

    Google Scholar 

  24. Li, N., Mitchell, J., Winsborough, W.: Beyond proof-of-compliance: Security analysis in trust management. Journal of the ACM 52 (2005) 474–514

    Article  MathSciNet  Google Scholar 

  25. Ni, J., Li, N., Winsborough, W.: Automated trust negotiation using cryptographic credentials. In: Proc. of the 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA (2005)

    Google Scholar 

  26. Yu, T., Winslett, M., Seamons, K.: Supporting structured credentials and sensitive policies trough interoperable strategies for automated trust. ACM Transactions on Information and System Security (TISSEC) 6(1) (February 2003) 1–42

    Article  MATH  Google Scholar 

  27. Seamons, K.E., Winsborough, W., Winslett, M.: Internet credential acceptance policies. In: Proc. of the Workshop on Logic Programming for Internet Applications, Leuven, Belgium (July 1997)

    Google Scholar 

  28. Seamons, K.E., Winslett, M., Yu, T., Smith, B., Child, E., Jacobson, J., Mills, H., Yu, L.: Requirements for policy languages for trust negotiation. In: Proc. of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), Monterey, CA (June 2002)

    Google Scholar 

  29. Winslett, M., Ching, N., Jones, V., Slepchin, I.: Assuring security and privacy for digital library transactions on the web: Client and server security policies. In: Proc. of the ADL ’97 — Forum on Research and Tech. Advances in Digital Libraries, Washington, DC (May 1997)

    Google Scholar 

  30. Yu, T., Ma, X., Winslett, M.: An efficient complete strategy for automated trust negotiation over the internet. In: Proc. of the 7th ACM Computer and Communication Security, Athens, Greece (November 2000)

    Google Scholar 

  31. Seamons, K., Winslett, M., Yu, T.: Limiting the disclosure of access control policies during automated trust negotiation. In: Proc. of the Symposium on Network and Distributed System Security, San Diego, CA (April 2001)

    Google Scholar 

  32. Yu, T., Winslett, M., Seamons, K.: Interoperable strategies in automated trust negotiation. In: Proc. of the 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania (November 2001)

    Google Scholar 

  33. Yu, T., Winslett, M.: A unified scheme for resource protection in automated trust negotiation. In: Proc. of the IEEE Symposium on Security and Privacy, Berkeley, California (May 2003)

    Google Scholar 

  34. Ryutov, T., Zhou, L., Neuman, C., Leithead, T., Seamons, K.: Adaptive trust negotiation and access control. In: Proc. of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden (June 2005)

    Google Scholar 

  35. Gladman, B., Ellison, C., Bohm, N.: Digital signatures, certificates and electronic commerce. http://www.clark.net/pub/cme/html/spki.html.

    Google Scholar 

  36. Bonatti, P., De Capitani di Vimercati, S., Samarati, P.: An algebra for composing access control policies. ACM Transactions on Information and System Security 5(1) (February 2002) 1–35

    Article  Google Scholar 

  37. Abadi, M., Lamport, L.: Composing specifications. ACM Transactions on Programming Languages 14(4) (October 1992) 1–60

    MathSciNet  Google Scholar 

  38. Hosmer, H.: Metapolicies II. In: Proc. of the 15th National Computer Security Conference, Baltimore, MD (October 1992)

    Google Scholar 

  39. Jaeger, T.: Access control in configurable systems. Lecture Notes in Computer Science 1603 (2001) 289–316

    Article  Google Scholar 

  40. McLean, J.: The algebra of security. In: Proc. of the 1988 IEEE Computer Society Symposium on Security and Privacy, Oakland, CA, USA (April 1988)

    Google Scholar 

  41. Bell, D.: Modeling the multipolicy machine. In: Proc. of the New Security Paradigm Workshop, Little Compton, Rhode Island, USA (August 1994)

    Book  Google Scholar 

  42. Bertino, E., Jajodia, S., Samarati, P.: A flexible authorization mechanism for relational data management systems. ACM Transactions on Information Systems 17(2) (April 1999) 101–140

    Google Scholar 

  43. Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.: Flexible support for multiple access control policies. ACM Transactions on Database Systems 26(2) (June 2001) 214–260

    Article  MATH  Google Scholar 

  44. Jajodia, S., Samarati, P., Subrahmanian, V., Bertino, E.: A unified framework for enforcing multiple access control policies. In: Proc. of the 1997 ACM International SIGMOD Conference on Management of Data, Tucson, AZ (May 1997)

    Google Scholar 

  45. Li, N., Feigenbaum, J., Grosof, B.: A logic-based knowledge representation for authorization with delegation. In: Proc. of the 12th IEEE Computer Security Foundations Workshop, Washington, DC, USA (July 1999)

    Google Scholar 

  46. Woo, T., Lam, S.: Authorizations in distributed systems: A new approach. Journal of Computer Security 2(2,3) (1993) 107–136

    Google Scholar 

  47. Wijesekera, D., Jajodia, S.: A propositional policy algebra for access control. ACM Transactions on Information and System Security 6(2) (May 2003) 286–325

    Article  Google Scholar 

  48. Damiani, E., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: An experimental evaluation of multi-key strategies for data outsourcing. In: Proc. of the 22nd IFIP TC-11 International Information Security Conference (SEC 2007), Sandton, South Africa (May 2007)

    Google Scholar 

  49. Zych, A., Petkovic, M.: Key management method for cryptographically enforced access control. In: Proc. of the 1st Benelux Workshop on Information and System Security, Antwerpen, Belgium (2006)

    Google Scholar 

  50. Miklau, G., Suciu, D.: Controlling access to published data using cryptography. In: Proc. of the 29th VLDB Conference, Berlin, Germany (September 2003)

    Google Scholar 

  51. Crampton, J., Martin, K., Wild, P.: On key assignment for hierarchical access control. In: In Proc. of the 19th IEEE Computer Security Foundations Workshop (CSFW’06), Los Alamitos, CA, USA (2006)

    Google Scholar 

  52. Sandhu, R.: On some cryptographic solutions for access control in a tree hierarchy. In: Proc. of the 1987 Fall Joint Computer Conference on Exploring Technology: Today and Tomorrow, Dallas, Texas, USA (1987)

    Google Scholar 

  53. Gudes, E.: The design of a cryptography based secure file system. IEEE Transactions on Software Engineering 6 (1980) 411–420

    Article  Google Scholar 

  54. Sandhu, R.: Cryptographic implementation of a tree hierarchy for access control. Information Processing Letters 27 (1988) 95–98

    Article  Google Scholar 

  55. Atallah, M., Frikken, K., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: Proc. of the 12th ACM conference on Computer and Communications Security (CCS05), Alexandria, VA, USA (2005)

    Google Scholar 

  56. Damiani, E., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Selective data encryption in outsourced dynamic environments. In: Proc. of the Second International Workshop on Views On Designing Complex Architectures (VODCA 2006). Electronic Notes in Theoretical Computer Science, Bertinoro, Italy, Elsevier (2006)

    Google Scholar 

  57. Wang, H., Lakshmanan, L.V.S.: Efficient secure query evaluation over encrypted XML databases. In: Proc. of the 32nd VLDB Conference, Seoul, Korea (September 2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Tecnologie dell’Informazione, Universitáa degli Studi di Milano, 26013 Crema, Italy

    S. De Capitani di Vimercati, S. Foresti & P. Samarati

Authors
  1. S. De Capitani di Vimercati
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. S. Foresti
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. P. Samarati
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Computer Science, University of California at Davis, One Shields Avenue, Davis, CA 95616-8562

    Michael Gertz

  2. George Mason University Center for Secure Information Systems Research I, Suite 417, Fairfax, VA 22030-4444

    Sushil Jajodia

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer Science+Business Media, LLC.

About this chapter

Cite this chapter

Vimercati, S.D.C.d., Foresti, S., Samarati, P. (2008). Recent Advances in Access Control. In: Gertz, M., Jajodia, S. (eds) Handbook of Database Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-48533-1_1

Download citation

  • DOI: https://doi.org/10.1007/978-0-387-48533-1_1

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-48532-4

  • Online ISBN: 978-0-387-48533-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation