Title :
Naming and grouping privileges to simplify security management in large databases
Author :
Baldwin, Robert W.
Author_Institution :
Tandem Comp., Cupertino, CA, USA
Abstract :
An extension is described to ANSI SQI that simplifies security management by reducing the complexity of the access controls on database objects and by providing users with the flexibility to define administrative roles (like auditor or security administrator) that match their requirements for the separation of duties. The benefit of simplified security management is improved security. The main features of this extension have been implemented in the Oracle RDBMS and have been adopted for a future version of the ANSI SQL standard. This study focuses on major concepts and issues, not syntax and implementation. The key idea is to allow users to group and name privileges to form named protection domains (NPDs). The Clark-Wilson (1987) and Bell-LaPadula (1973) models are used to illustrate the benefits and limitations of NPDs. The main conclusion is that the naming and abstraction mechanism provided by NPDs can simplify security management in much the same way that procedures can simplify programming
Keywords :
DP management; query languages; relational databases; security of data; standards; ANSI SQI; Bell-LaPadula model; Clark-Wilson model; Oracle; abstraction mechanism; access controls; administrative roles; auditor; large databases; named protection domains; privilege grouping; privilege naming; relational DBMS; security management; separation of duties; ANSI standards; Access control; Application software; Computer security; Data security; Information management; Information security; Protection; Relational databases; Spatial databases;
Conference_Titel :
Research in Security and Privacy, 1990. Proceedings., 1990 IEEE Computer Society Symposium on
Conference_Location :
Oakland, CA
Print_ISBN :
0-8186-2060-9
DOI :
10.1109/RISP.1990.63844
