Abstract
Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied. The access control decision is enforced by a mechanism implementing regulations established by a security policy. Different access control policies can be applied, corresponding to different criteria for defining what should, and what should not, be allowed, and, in some sense, to different definitions of what ensuring security means. In this chapter we investigate the basic concepts behind access control design and enforcement, and point out different security requirements that may need to be taken into consideration. We discuss several access control policies, and models formalizing them, that have been proposed in the literature or that are currently under investigation.
© 2001 Springer-Verlag Berlin Heidelberg
Samarati, P., de Vimercati, S.C. (2001). Access Control: Policies, Models, and Mechanisms. In: Focardi, R., Gorrieri, R. (eds) Foundations of Security Analysis and Design. FOSAD 2000. Lecture Notes in Computer Science, vol 2171. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45608-2_3
DOI: https://doi.org/10.1007/3-540-45608-2_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42896-1
Online ISBN: 978-3-540-45608-7