Synonyms
Authorization verification
Definition
Access control deals with preventing unauthorized operations on the managed data. Access control is usually performed against a set of authorizations stated by Security Administrators (SAs) or users according to the access control policies of the organization. Authorizations are then processed by the access control mechanism (or reference monitor) to decide whether each access request can be authorized or should be denied.
Historical Background
Access control models for DBMSs have been greatly influenced by the models developed for the protection of operating system resources (see, for instance, the model proposed by Lampson [1], also known as the access matrix model, since authorizations are represented as a matrix). However, much of the early work on database protection was on inference control in statistical databases.
Then, in the 1970s, as research in relational databases began, attention was directed towards access control issues. As...
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Recommended Reading
Lampson BW. Protection. Fifth Princeton symposium on information science and systems (Reprinted in). ACM Operat Syst Rev. 1974;8(1):18–24.
Fagin R. On an authorization mechanism. ACM Trans Database Syst. 1978;3(3):310–9.
Griffiths PP, Wade BW. An authorization mechanism for a relational database system. ACM Trans Database Syst. 1976;1(3):242–55.
Air Force Studies Board, Committee on Multilevel Data Management Security. Multilevel data management security. National Research Council; 1983.
Castano S, Fugini MG, Martella G, Samarati P. Database security. Addison-Wesley & ACM Press; 1995.
Ferrari E. Access control in data management systems. Synthesis lectures on data management. Morgan & Claypool Publishers; 2010.
Ferraiolo DF, Sandhu RS, Gavrila SI, Kuhn DR, Chandramouli R. Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur. 2001;4(3):224–74.
Bertino E, Khan LR, Sandhu RS, Thuraisingham BM. Secure knowledge management: confidentiality, trust, and privacy. IEEE Trans Syst Man Cybern A. 2006;36(3):429–38.
Bertino E, Kirkpatrick MS. Location-based access control systems for mobile users: concepts and research directions. In: Proceedings of the 4th ACM IGSPATIAL International Workshop on Security and Privacy in GIS and LBS; 2011.
Carminati B, Ferrari E, Tan KL. A framework to enforce access control over data streams. ACM Trans Inf Syst Secur. 2011;8(3):337–52.
Carminati B, Ferrari E, Viviani M. Security and trust in online social networks, synthesis lectures on information security, privacy and trust. Morgan & Claypool; 2013.
Kuner C, Cate F, Millard C, Svantesson D. The challenge of big data for data protection. Int Data Priv Law. 2012;2(2).
Takabi H, Joshi James BD, Gail-Joon A. Security and privacy challenges in cloud computing environments. IEEE Secur Priv. 2010;8(6):24–31.
Ferrari E, Thuraisingham BM. Security and privacy for web databases and services. In: Advances in Database Technology, Proceedings of the 9th International Conference on Extending Database Technology; 2004. p. 17–28.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Section Editor information
Rights and permissions
Copyright information
© 2018 Springer Science+Business Media, LLC, part of Springer Nature
About this entry
Cite this entry
Ferrari, E. (2018). Access Control. In: Liu, L., Özsu, M.T. (eds) Encyclopedia of Database Systems. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-8265-9_6
Download citation
DOI: https://doi.org/10.1007/978-1-4614-8265-9_6
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-8266-6
Online ISBN: 978-1-4614-8265-9
eBook Packages: Computer ScienceReference Module Computer Science and Engineering