
Mining Purpose-Based Authorization Strategies in Database System

  • Conference paper
Advances in Web and Network Technologies, and Information Management (APWeb 2007, WAIM 2007)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4537)

Abstract

With the development of computer and communication technology, access control over the resources in databases has become a concern for both consumers and enterprises. Moreover, the new concept of purpose-based authorization strategies is widely used in place of traditional role-based strategies. How to acquire the optimal authorization strategies is an important problem. This paper proposes an approach for mining purpose-based authorization strategies in database systems. To obtain the optimal authorization strategies for the database resources that support various purposes, an algorithm for clustering purposes is designed, based on the inclusion relationship among the resources required by the purposes. The resulting purpose hierarchy is used to guide the initial authorization strategies. The approach provides valuable insights into the authorization strategies of a database system and delivers a validation and reinforcement of the initial strategies, which is helpful for database administration. The approach can be used not only in database systems but also in any access control system, such as an enterprise MIS or a web service composition system. Theoretical analysis and experiments show that this mining approach is more effective and efficient.

This work is supported by the National Natural Science Foundation of China (No. 60573090, 60673139).




Editor information

Kevin Chen-Chuan Chang, Wei Wang, Lei Chen, Clarence A. Ellis, Ching-Hsien Hsu, Ah Chung Tsoi, Haixun Wang


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Song, J., Wang, D., Bao, Y., Yu, G., Qi, W. (2007). Mining Purpose-Based Authorization Strategies in Database System. In: Chang, K.CC., et al. Advances in Web and Network Technologies, and Information Management. APWeb WAIM 2007 2007. Lecture Notes in Computer Science, vol 4537. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72909-9_8


  • DOI: https://doi.org/10.1007/978-3-540-72909-9_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-72908-2

  • Online ISBN: 978-3-540-72909-9

  • eBook Packages: Computer Science, Computer Science (R0)