An authorization model for temporal and derived data: securing information portals

Published: 01 February 2002

Abstract

The term information portals refers to Web sites that serve as main providers of focused information, gathered from distributed data sources. Gathering and disseminating information through information portals introduce new security challenges. In particular, the authorization specifications, as well as the granting process, are temporal by nature. Also, more often than not, the information provided by the portal is in fact derived from more than one backend data source. Therefore, any authorization model for information portals should support access control based on temporal characteristics of the data, and also should provide tools to prevent indirect unauthorized access through the use of derived data. In this article we focus our attention on devising such an authorization model. The distinguishing features of this model include: (1) the specification of authorizations based on temporal characteristics of data, and (2) a formal framework to derive authorizations in a consistent and safe manner, based on relationships among data.

ACM Transactions on Information and System Security  Volume 5, Issue 1
February 2002
94 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/504909

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 February 2002
Published in TISSEC Volume 5, Issue 1


Author Tags

  1. Access control
  2. authorization administration
  3. derived data
  4. temporal data

Qualifiers

  • Article

Cited By

  • (2021) Intrusion detection system for data warehouse with second level authentication. International Journal of Information Technology. DOI: 10.1007/s41870-021-00659-1. Online publication date: 17-Apr-2021
  • (2018) Temporal Access Control. Encyclopedia of Database Systems, 3894-3899. DOI: 10.1007/978-1-4614-8265-9_385. Online publication date: 7-Dec-2018
  • (2017) Control Operation Flow for Mobile Access Control with the Use of MABAC Model. Towards a Synergistic Combination of Research and Practice in Software Engineering, 179-192. DOI: 10.1007/978-3-319-65208-5_13. Online publication date: 6-Aug-2017
  • (2016) Database Access. Enterprise Level Security, 240-273. DOI: 10.1201/b20115-27. Online publication date: 27-Apr-2016
  • (2016) A Policy Framework for Data Fusion and Derived Data Control. Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control, 47-57. DOI: 10.1145/2875491.2875492. Online publication date: 11-Mar-2016
  • (2016) A temporal defeasible logic for handling access control policies. Applied Intelligence 44:1, 30-42. DOI: 10.1007/s10489-015-0692-8. Online publication date: 1-Jan-2016
  • (2016) Temporal Access Control. Encyclopedia of Database Systems, 1-5. DOI: 10.1007/978-1-4899-7993-3_385-2. Online publication date: 26-Oct-2016
  • (2014) Security analysis for temporal role based access control. Journal of Computer Security 22:6, 961-996. DOI: 10.5555/2699777.2699780. Online publication date: 1-Nov-2014
  • (2013) Ell Secure Information System Using Modal Logic Technique. Developing and Evaluating Security-Aware Software Systems, 125-137. DOI: 10.4018/978-1-4666-2482-5.ch008. Online publication date: 2013
  • (2012) UML Representation of Extended Role-Based Access Control Model with the Use of Usage Control Concept. Multidisciplinary Research and Practice for Information Systems, 131-145. DOI: 10.1007/978-3-642-32498-7_11. Online publication date: 2012
