Policies, Models, and Languages for Access Control

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3433)

Abstract

Access control is the process of mediating every request to data and services maintained by a system and determining whether the request should be granted or denied. Expressiveness and flexibility are top requirements for an access control system together with, and usually in conflict with, simplicity and efficiency. In this paper, we discuss the main desiderata for access control systems and illustrate the main characteristics of access control solutions.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

De Capitani di Vimercati, S., Samarati, P., Jajodia, S. (2005). Policies, Models, and Languages for Access Control. In: Bhalla, S. (eds) Databases in Networked Information Systems. DNIS 2005. Lecture Notes in Computer Science, vol 3433. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31970-2_18

  • DOI: https://doi.org/10.1007/978-3-540-31970-2_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25361-7

  • Online ISBN: 978-3-540-31970-2

  • eBook Packages: Computer Science, Computer Science (R0)
