Title
MyABDAC: compiling XACML policies for attribute-based database access control
Abstract
Attribute-based Access Control (ABAC) based on XACML can substantially improve the security and management of access rights on databases. However, existing implementations rely on high-level policy interpretation and are not as efficient as mechanisms natively supported by commodity databases. In this paper we explore advantages and challenges arising from compiling XACML policies for database access into Access Control Lists (ACLs) natively supported by the database. The main contributions are an architecture and algorithms for efficiently addressing incremental changes in attributes that could trigger changes to the ACLs. We consider this in a context of reflective database access control where attributes used in access decisions are stored in the database itself. Our implementation and experiments demonstrate a significant improvement in access decision times compared to the best available optimizations for general XACML access engines.
Year: 2011
DOI: 10.1145/1943513.1943528
Venue: CODASPY
Keywords: xacml policy,reflective database access control,access decision,database access,access right,commodity databases,general xacml access engine,access control lists,attribute-based database access control,access decision time,attribute-based access control,database,access control
Field: Computer access control,Database access,Architecture,Computer science,Role-based access control,XACML,Implementation,Access control list,Access control,Database
DocType: Conference
Citations: 9
PageRank: 0.59
References: 16
Authors: 4
Name
Order
Citations
PageRank
Sonia Jahid11716.42
Carl A. Gunter21941185.30
Imranul Hoque313410.20
Hamed Okhravi427723.66