Abstract
With the development of computer and communication technology, access control of the resources in databases has become an issue focused by both consumers and enterprises. Moreover, the new concept of purpose-based authorization strategies is widely used instead of the traditional one of role-based strategies. The way of acquiring the optimal authorization strategies is an important problem. In this paper, an approach of mining authorization strategies based on purpose in database system is proposed. For obtaining the optimal authorization strategies of the resources in databases for supporting various purposes, an algorithm of clustering purposes is designed, which is based on the inclusion relationship among resources required by the purposes. The resultant purpose hierarchy is used for guiding the initial authorization strategies. The approach provides valuable insights into the authorization strategies of database system and delivers a validation and reinforcement of initial strategies, which is helpful to the database administration. The approach can be used not only in database system, but also in any access control system such as enterprise MIS or web service composing system. Theories and experiments show that this mining approach is more effective and efficient.
This work is supported by National Natural Science Foundation of China (No. 60573090, 60673139).
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Afinidad, F., Levin, T., Irvine, C., Nguyen, T.: A Model for Temporal Interval Authorizations. HICSS (2006)
Apté, C., Liu, B., Pednault, E.P.D., Smyth, P.: Business applications of data mining. Commun. ACM 45(8), 49–53 (2002)
Bertino, E., Samarati, P., Jajodia, S.: An Extended Authorization Model for Relational Databases. IEEE Trans. Knowl. Data Eng. 9(1), 85–101 (1997)
Bertino, E., Jajodia, S., Samarati, P.: A Flexible Authorization Mechanism for Relational Data Management Systems. ACM Trans. Inf. Syst. 17(2), 101–140 (1999)
Bertino, E.: Purpose Based Access Control for Privacy Protection in Database Systems. In: Zhou, L.-z., Ooi, B.-C., Meng, X. (eds.) DASFAA 2005. LNCS, vol. 3453, 2, Springer, Heidelberg (2005)
Byun, J., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. SACMAT 2005, pp. 102–110 (2005)
Du, Z., Lin, F.: A novel parallelization approach for hierarchical clustering. Parallel Computing 31(5), 523–527 (2005)
Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D., Chandramouli, R.: Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and ystemsSecurity, vol. 4(3) (August 2001)
Griffiths, P., Wade, B.: An Authorization Mechanism for a Relational Database System. ACM TODS 1(3), 242–255 (September 1976)
Hitchens, M., Varadarajan, V.: Tower: A Language for Role-Based Access Control. In: Proceedings of the Strategies Workshop, Bristol, UK (2001)
Keahey, K., Welch, V.: Fine-Grain Authorization for Resource Management in the Grid Environment. In: Parashar, M. (ed.) GRID 2002. LNCS, vol. 2536, pp. 199–206. Springer, Heidelberg (2002)
Kim, D., Ray, I., France, R., Li, N.: Modeling Role-Based Access Control Using Parameterized UML Models. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 180–193. Springer, Heidelberg (2004)
Kumar, A., Karnik, N., Chafle, G.: Context sensitivity in role-based access control. In: ACM SIGOPS Operating Systems Review (July 2002)
Lee, J., Yeung, D., Tsang, E.: Hierarchical clustering based on ordinal consistency. Pattern Recognition 38(11), 1913–1925 (2005)
Schlegelmilch, J.: Role mining with ORCA. SACMAT 2005, pp. 168–176 (2005)
Tachikawa, T., Higaki, H., Takizawa, M.: Purpose-Oriented Access Control Model in Object-Based Systems. In: Mu, Y., Pieprzyk, J.P., Varadharajan, V. (eds.) ACISP 1997. LNCS, vol. 1270, pp. 38–49. Springer, Heidelberg (1997)
Thompson, M., Essiari, A., Keahey, K., Welch, V., Lang, S., Liu, B.: Fine-Grained Authorization for Job and Resource Management Using Akenti and the Globus Toolkit. CoRR cs.DC/0306070 (2003)
Yang, Q., Cheng, H.: Case Mining from Large Databases. In: Ashley, K.D., Bridge, D.G. (eds.) ICCBR 2003. LNCS, vol. 2689, pp. 691–702. Springer, Heidelberg (2003)
Zhang, J., Xiong, M., Yu, Y.: Mining Query Log to Assist Ontology Learning from Relational Database. In: Zhou, X., Li, J., Shen, H.T., Kitsuregawa, M., Zhang, Y. (eds.) APWeb 2006. LNCS, vol. 3841, pp. 437–448. Springer, Heidelberg (2006)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Song, J., Wang, D., Bao, Y., Yu, G., Qi, W. (2007). Mining Purpose-Based Authorization Strategies in Database System. In: Chang, K.CC., et al. Advances in Web and Network Technologies, and Information Management. APWeb WAIM 2007 2007. Lecture Notes in Computer Science, vol 4537. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72909-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-540-72909-9_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72908-2
Online ISBN: 978-3-540-72909-9
eBook Packages: Computer ScienceComputer Science (R0)