Article

Systematic control and management of data integrity

Authors:

Elisa BertinoAuthors Info & Claims

SACMAT '06: Proceedings of the eleventh ACM symposium on Access control models and technologies

Pages 101 - 110

https://doi.org/10.1145/1133058.1133074

Published: 07 June 2006 Publication History

Abstract

Integrity has long been considered a fundamental requirement for secure computerized systems, and especially today's demand for data integrity is stronger than ever as many organizations are in-creasing their reliance on data and information systems. A number of recently enacted data privacy regulations also require high in-tegrity for personal data. In this paper, we discuss various issues concerning systematic control and management of data integrity with a primary focus on access control. We first examine some previously proposed integrity models and define a set of integrity requirements. We then present an architecture for comprehensive integrity control systems, which has its basis on data validation and metadata management. We also provide an integrity control policy language that we believe is flexible and intuitive.

References

[1]

M. Greenwald, A. Keromytis, S. Ioannidis and J. Smith. Scalable security policy mechanisms for the internet. Technical Report MS-CIS-01-05, University of Pennsylvania, 2001.]]

[2]

G. Ahn and R. Sandhu. The RSL99 language for role-based separation of duty constraints. In the Fourth ACM Role-Based Access Control Workshop, 1999.]]

Digital Library

[3]

E. Bertino and R. Sandhu. Database security - concepts, approaches, and challenges. IEEE Transaction on dependable and secure computing, 2005.]]

Digital Library

[4]

K. Beznosov and Y. Deng. A framework for implementing role-based access control using CORBA security service. In the Fourth ACM Role-Based Access Control Workshop, 1999.]]

Digital Library

[5]

K.J. Biba. Integrity considerations for secure computer systems. Technical Report TR-3153, Mitre, 1977.]]

[6]

M. Bishop. Computer Security: Art and Science. Addison-Wesley, 2003.]]

[7]

F. Chen and R. Sandhu. Constraints for role-based access control. In the First ACM/NIST Role Based Access Control Workshop, 1995.]]

Digital Library

[8]

D. Clark and D. Wilson. A comparison of commercial and military computer security policies. In IEEE Symposium on Security and Privacy, 1987.]]

[9]

N. Damianou. A Policy Framework for Management of Distributed Systems. PhD thesis, The Imperial College of Science, London, 2002.]]

[10]

D. Ferraiolo, J. Cugini, and R. Kuhn. Role-based access control(RBAC): Features and motivations. In Computer Security Applications Conference, 1995.]]

[11]

Organization for Economic Co-operation and Development m(OECD). OECD guidelines on the protection of privacy and transborder flows of personal data, 1980. Available at www1.oecd.org/publications/e-book/9302011E.PDF.]]

[12]

T. Fraser. LOMAC: Low water-mark integrity protection for COTS environments. In IEEE Symposium on Security and Privacy, 2000.]]

Digital Library

[13]

S. Garfinkel. Database Nation: The Death of Privacy in the 21st Century. O'Reilly, 2000.]]

Digital Library

[14]

R. Hayton, J. Bacon, and K. Moody. Access control in an open distributed environment. In IEEE Symposium on Security and Privacy, 1998.]]

[15]

M. Hitchens and V. Varadharajan. Tower: A language for role based access control. In the Policy Workshop, 2001.]]

Digital Library

[16]

J. Hoagland, R. Pandney, and K. Levitt. Security policy specification using a graphical approach. Technical Report CSE-98-3, University of California, Davis, 1998.]]

[17]

R. Bhatia, J. Lobo, and S. Naqvi. A policy description language. In the Sixteenth National Conference on Artificial Intelligence, 1999.]]

Digital Library

[18]

S. Jajodia, P. Samarati, and V. Subrahmanian. A logical language for expressing authorisations. In IEEE Symposium on Security and Privacy, 1997.]]

Digital Library

[19]

M. Kohli and J. Lobo. Policy based management of telecommunication networks. In the Policy Workshop, 1999.]]

[20]

J. Moffet and M. Sloman. Policy hierarchies for distributed systems management. IEEE JSAC Special Issue on Network Management, 11(9):1404--1414, December 1993.]]

[21]

M. Nash and K. Poland. Some conundrums concerning separation of duty. In IEEE Symposium on Security and Privacy, 1990.]]

[22]

United State Department of Justice. The federal privacy act, 1974. Available at www.usdoj.gov/foia/privstat.htm.]]

[23]

United State Office of Management and Budget. Guidelines for ensuring and maximizing the quality, objectivity, utility, and integrity of information disseminated by federal agencies, 2002. Available at http://www.whitehouse.gov/omb/fedreg/reproducible.html.]]

[24]

R. Ortalo. A flexible method for information system security policy specification. In the 5th European Symposium on Research in Computer Security (ESORIC), 1998.]]

Digital Library

[25]

R. Ramakrishnan and J. Gehrke. Database Management Systems. McGraw-Hill, 2000.]]

Digital Library

[26]

A. Ribeiro, A. Zuquete, and P. Ferreira. SPL: An access control language for security policies with complex constraints. In Network and Distributed Security Symposium (NDSS), 2001.]]

[27]

R. Sandhu. Transaction control expressions for separation of duties. In the 4th Aerospace Computer Security Conference, 1988.]]

[28]

R. Sandhu. Terminology, criteria and system architectures for data integrity. In the NIST Invitational Workshop on Data Integrity, 1989.]]

[29]

R. Sandhu. Separation of duties in computerized information systems. In the IFIP WG11.3 Workshop on Database Security, 1990.]]

[30]

R. Sandhu. On five definitions of data integrity. In the IFIP WG11.3 Workshop on Database Security, 1993.]]

Digital Library

[31]

R. Sandhu and S. Jajodia. Integrity mechanisms in database management systems. In NIST-NCSC National Computer Security Conference, 1990.]]

[32]

R. Simon and M. Zurko. Separation of duty in role-based environments. In the 10th Computer Security Foundation Workshop, 1997.]]

Digital Library

[33]

Y. Snir, Y. Ramberg, J. Strassner, R. Cohen, and B. Moore. Policy QoS information model, 2003. Available at ftp://ftp.rfc-editor.org/in-notes/rfc3644.txt.]]

Cited By

Harley KCooper R(2021)Information IntegrityACM Computing Surveys10.1145/343681754:2(1-35)Online publication date: 9-Feb-2021
https://dl.acm.org/doi/10.1145/3436817
Bertino EVerma DCalo S(2018)A Policy System for Control of Data Fusion Processes and Derived Data2018 21st International Conference on Information Fusion (FUSION)10.23919/ICIF.2018.8455563(807-813)Online publication date: Jul-2018
https://doi.org/10.23919/ICIF.2018.8455563
Albalawi TMelton ARothstein M(2016)A New Approach to Data Dynamic Integrity ControlProceedings of the International Conference on Internet of things and Cloud Computing10.1145/2896387.2896394(1-8)Online publication date: 22-Mar-2016
https://dl.acm.org/doi/10.1145/2896387.2896394
Show More Cited By

Index Terms

Systematic control and management of data integrity
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Data and code integrity in Grid environments
SMO'06: Proceedings of the 6th WSEAS International Conference on Simulation, Modelling and Optimization

In a large distributed system such as the Grid, ensuring data integrity is of particular importance. Since in a same network honest users and possible malicious entities live together, the risks of unauthorized alterations of data and information cannot ...
Integrity constraints in trust management
SACMAT '05: Proceedings of the tenth ACM symposium on Access control models and technologies

We introduce the use, monitoring, and enforcement of integrity constraints in trust management-style authorization systems. We consider what portions of the policy state must be monitored to detect violations of integrity constraints. Then we address ...
A New Approach to Data Dynamic Integrity Control
ICC '16: Proceedings of the International Conference on Internet of things and Cloud Computing

Proper access control is one of the most important issues in computer security. It consists of securing a system with respect to availability, confidentiality, and integrity. Integrity is about making sure that only proper modifications take place. Some ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '06: Proceedings of the eleventh ACM symposium on Access control models and technologies

June 2006

256 pages

ISBN:1595933530

DOI:10.1145/1133058

General Chair:
David Ferraiolo
NIST, USA
,
Program Chair:
Indrakshi Ray
Colorado State University, USA

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 June 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SACMAT06

Sponsor:

SACMAT06: 11th ACM Symposium on Access Control Models and Technologies 2006

June 7 - 9, 2006

California, Lake Tahoe, USA

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
1,427
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)3

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Harley KCooper R(2021)Information IntegrityACM Computing Surveys10.1145/343681754:2(1-35)Online publication date: 9-Feb-2021
https://dl.acm.org/doi/10.1145/3436817
Bertino EVerma DCalo S(2018)A Policy System for Control of Data Fusion Processes and Derived Data2018 21st International Conference on Information Fusion (FUSION)10.23919/ICIF.2018.8455563(807-813)Online publication date: Jul-2018
https://doi.org/10.23919/ICIF.2018.8455563
Albalawi TMelton ARothstein M(2016)A New Approach to Data Dynamic Integrity ControlProceedings of the International Conference on Internet of things and Cloud Computing10.1145/2896387.2896394(1-8)Online publication date: 22-Mar-2016
https://dl.acm.org/doi/10.1145/2896387.2896394
Fuchimoto CAritsugi M(2011)Annotations on access controls in wikisProceedings of the 13th International Conference on Information Integration and Web-based Applications and Services10.1145/2095536.2095603(359-362)Online publication date: 5-Dec-2011
https://dl.acm.org/doi/10.1145/2095536.2095603
Bertino EDai CLim HLin D(2008)High-Assurance Integrity Techniques for DatabasesProceedings of the 25th British national conference on Databases: Sharing Data, Information and Knowledge10.1007/978-3-540-70504-8_26(244-256)Online publication date: 7-Jul-2008
https://dl.acm.org/doi/10.1007/978-3-540-70504-8_26
Kondo SIwaihara MYoshikawa MTorato M(2008)Extending RBAC for Large Enterprises and Its Quantitative Risk EvaluationTowards Sustainable Society on Ubiquitous Networks10.1007/978-0-387-85691-9_9(99-112)Online publication date: 2008
https://doi.org/10.1007/978-0-387-85691-9_9

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten