
An Implementation Design of a Fine-Grained Database Access Control Policy Consistency Checking Mechanism

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 4693)

Abstract

A policy consistency checker is an essential part of a database access control system. Implementing mechanisms that check for policy inconsistencies is a non-trivial task because of the large number of rules, the variety of rule patterns on fine-grained database objects, and the complicated interrelationships among those rules. We propose a novel rule-based mechanism for checking fine-grained access control policy inconsistencies in relational databases. In particular, we present the necessary concepts and the implementation design of the inconsistency checking mechanism. We specify policies, with conditions, on fine-grained objects through if-then authorization rules. We compute rule inconsistencies using the Java-based open-source rule engine Jess.




Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Purevjii, BO., Aritsugi, M., Imai, S., Kanamori, Y. (2007). An Implementation Design of a Fine-Grained Database Access Control Policy Consistency Checking Mechanism. In: Apolloni, B., Howlett, R.J., Jain, L. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2007. Lecture Notes in Computer Science, vol 4693. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74827-4_95


  • DOI: https://doi.org/10.1007/978-3-540-74827-4_95

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74826-7

  • Online ISBN: 978-3-540-74827-4

  • eBook Packages: Computer Science, Computer Science (R0)
