Abstract
We present an authorization model for federated systems based on a tightly coupled architecture. The model supports authorizations to build and maintain the federation as well as authorizations to access the federated data. At each component site, owners declare the objects they wish to export and the access modes executable on them by users of the federation. Inclusion of objects into the federation requires their subsequent import by the federation administrator. Different degrees of authorization autonomy are supported, whereby users can retain the task of specifying authorizations or delegate it to the federation administrator. A site can require authentication of the user at each access or accept his identity as communicated by the federation. An access control algorithm is presented that describes the controls to be enforced at the federation and at each local site under the different authentication and administrative options.
Copyright information
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
De Capitani di Vimercati, S., Samarati, P. (1996). An authorization model for federated systems. In: Bertino, E., Kurth, H., Martella, G., Montolivo, E. (eds) Computer Security — ESORICS 96. ESORICS 1996. Lecture Notes in Computer Science, vol 1146. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-61770-1_30
DOI: https://doi.org/10.1007/3-540-61770-1_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61770-9
Online ISBN: 978-3-540-70675-5
eBook Packages: Springer Book Archive