Concurrent and Real-Time Update of Access Control Policies

Indrakshi Ray⁷ &
Tai Xin⁷

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2736))

Included in the following conference series:

International Conference on Database and Expert Systems Applications

664 Accesses
5 Citations

Abstract

Access control policies are security policies that govern access to resources. Real-time update of access control policies, that is, updating policies while they are in effect and enforcing the changes immediately, is necessary for many security-critical applications. In this paper, we consider real-time update of access control policies in a database system. We consider an environment in which different kinds of transactions execute concurrently some of which are policy update transactions. Updating policy objects while they are deployed can lead to potential security problems. We propose two algorithms that not only prevent such security problems, but also ensure serializable execution of transactions. The algorithms differ on the degree of concurrency provided.

This work was done in part while the author was working as a Visiting Faculty at Air Force Research Laboratory, Rome, NY in Summer 2002.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic

$34.99 /Month

Get 10 units per month
Download Article/Chapter or eBook
1 Unit = 1 Article or 1 Chapter
Cancel anytime

Buy Now

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Fast Distributed Evaluation of Stateful Attribute-Based Access Control Policies

Update Policies

Idea: Supporting Policy-Based Access Control on Database Systems

References

Ammann, P., Jajodia, S., Ray, I.: Applying Formal Methods to Semantic-Based Decomposition of Transactions. ACM Transactions on Database Systems 22(2), 215–254 (1997)
Article Google Scholar
Badrinath, B.R., Ramamritham, K.: Semantics-based concurrency control: Beyond commutativity. ACM Transactions on Database Systems 17(1), 163–199 (1992)
Article Google Scholar
Bernstein, P.A., Hadzilacos, V., Goodman, N.: Concurrency Control and Recovery in Database Systems. Addison-Wesley, Reading (1987)
Google Scholar
Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language. In: Proceedings of the Policy Workshop, Bristol, U.K. (January 2001)
Google Scholar
Damianou, N., Tonouchi, T., Dulay, N., Lupu, E., Sloman, M.: Tools for Domain-based Policy Management of Distributed Systems. In: Proceedings of the IEEE/IFIP Network Operations and Management Symposium, Florence, Italy (April 2002)
Google Scholar
Damianou, N.C.: A Policy Framework for Management of Distributed Systems. PhD thesis, Imperial College of Science, Technology and Medicine, University of London, London, U.K. (2002)
Google Scholar
Thomas Haigh, J., et al.: Assured Service Concepts and Models: Security in Distributed Systems. Technical Report RL-TR-92-9, Rome Laboratory, Air Force Material Command, Rome, NY (January 1992)
Google Scholar
Garcia-Molina, H.: Using semantic knowledge for transaction processing in a distributed database. ACM Transactions on Database Systems 8(2), 186–213 (1983)
Article Google Scholar
Herlihy, M.P., Weihl, W.E.: Hybrid concurrency control for abstract data types. Journal of Computer and System Sciences 43(1), 25–61 (1991)
Article MATH Google Scholar
Korth, H.F., Speegle, G.: Formal aspects of concurrency control in long-ouration transaction systems using the NT/PV model. ACM Transactions on Database Systems 19(3), 492–535 (1994)
Article Google Scholar
Lynch, N.A.: Multilevel atomicity –A new correctness criterion for database concurrency control. ACM Transactions on Database Systems 8(4), 484–502 (1983)
Article MATH MathSciNet Google Scholar
Schneider, E.A., Kalsow, W., TeWinkel, L., Carney, M.: Experimentation with Adaptive Security Policies. Technical Report RL-TR-96-82, Rome Laboratory, Air Force Material Command, Rome, NY (June 1996)
Google Scholar
Schneider, E.A., Weber, D.G., de Groot, T.: Temporal Properties of Distributed Systems. Technical Report RADC-TR-89-376, Rome Air Development Center, Rome, NY (September 1989)
Google Scholar
Thomasian, A.: Concurrency Control: Methods, Performance and Analysis. ACM Computing Surveys 30(1), 70–119 (1998)
Article Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Science, Colorado State University,
Indrakshi Ray & Tai Xin

Authors

Indrakshi Ray
View author publications
You can also search for this author in PubMed Google Scholar
Tai Xin
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Gerstner Laboratory, Czech Technical University in Prague, Technická 2, 166 27, Prague 6, Czech Republic
Vladimír Mařík
Johannes Kepler University Linz, Altenberger Str. 69, 4040, Linz, Austria
Werner Retschitzegger
Faculty of Electrical Engineering, The Gerstner Laboratory, Czech Technical University in Prague, Technická 2, 166 27, Prague 6, Czech Republic
Olga Štěpánková

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Ray, I., Xin, T. (2003). Concurrent and Real-Time Update of Access Control Policies. In: Mařík, V., Retschitzegger, W., Štěpánková, O. (eds) Database and Expert Systems Applications. DEXA 2003. Lecture Notes in Computer Science, vol 2736. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45227-0_33

Download citation

DOI: https://doi.org/10.1007/978-3-540-45227-0_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40806-2
Online ISBN: 978-3-540-45227-0
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics