DocumentCode :
783641
Title :
Applying semantic knowledge to real-time update of access control policies
Author :
Ray, Indrakshi
Author_Institution :
Dept. of Comput. Sci., Colorado State Univ., Fort Collins, CO, USA
Volume :
17
Issue :
6
fYear :
2005
fDate :
6/1/2005 12:00:00 AM
Firstpage :
844
Lastpage :
858
Abstract :
Real-time update of access control policies, that is, updating policies while they are in effect and enforcing the changes immediately, is necessary for many security-critical applications. In this paper, we consider real-time update of access control policies in a database system. Updating policies while they are in effect can lead to potential security problems, such as access to database objects by unauthorized users. In this paper, we propose several algorithms that not only prevent such security breaches but also ensure the correctness of execution. The algorithms differ from each other in the degree of concurrency provided and the semantic knowledge used. Of the algorithms presented, the most concurrency is achieved when transactions are decomposed into atomic steps. Once transactions are decomposed, the atomicity, consistency, and isolation properties no longer hold. Since the traditional transaction processing model can no longer be used to ensure the correctness of the execution, we use an alternate semantic-based transaction processing model. To ensure correct behavior, our model requires an application to satisfy a set of necessary properties, namely, semantic atomicity, consistent execution, sensitive transaction isolation, and policy-compliant. We show how one can verify an application statically to check for the existence of these properties.
Keywords :
authorisation; concurrency control; distributed databases; formal specification; formal verification; knowledge based systems; semantic networks; transaction processing; access control policies; concurrency control; consistent execution; database system; real-time updating policy; security policy application; semantic atomicity; semantic knowledge; sensitive transaction isolation; transaction processing model; unauthorized users; Access control; Concurrency control; Concurrent computing; Data security; Database systems; Pervasive computing; Real time systems; Transaction databases; Index Terms: Access control policies; concurrency control; semantic-based transaction processing; transaction processing
fLanguage :
English
Journal_Title :
Knowledge and Data Engineering, IEEE Transactions on
Publisher :
IEEE
ISSN :
1041-4347
Type :
jour
DOI :
10.1109/TKDE.2005.88
Filename :
1423984