Abstract
Providing computer facilities and data availability to larger numbers of users generates increased system vulnerability which is partially offset by software security systems. Much too often these systems are presented as ad hoc additions to the basic data management system. One very important constituent of software security systems is the access control mechanism which may be the last resource available to prohibit unauthorized data retrieval. This paper presents a specification for an access control mechanism. The mechanism is specified in a context for use with the GPLAN decision support system by a theoretical description consistent with the formal definition of GPLAN's query language. Incorporation of the mechanism into the language guarantees it will not be an ad hoc addition. Furthermore, it provides a facile introduction of data security dictates into the language processor.
- 1 AHO, A.~., AND ULLMAN, J.D. The Theory of Parsing, Translating and Compiling. Prentice- Hall, Englewood Cliffs, N.J., 1972. Google ScholarDigital Library
- 2 BosczEK, R.H., CASH, J.I., HASE~tAN, W.D., HOLSAPFLE, C., AND WHINSTON, A.B. Generalized planning system/data management system (GPLAN/DMS) users' manual. Tech. Rep., Krannert Graduate School of Management, Purdue U., W. Lafayette, Ind., Aug. 1975.Google Scholar
- 3 BONCZEK, R.H., HASEMAN, W.D., AND WHINSTON, A.B. Structure of a query language for a network data base. Tech. Rep., Krannert Graduate School of Management, Purdue U., W. Lafayette, Ind., Aug. 1975.Google Scholar
- 4 BVRT, M.K. From Deep to Surface Structure. Harper and Row, New York, 1971.Google Scholar
- 5 CASH, J.I., HASEMAN, W.D., AND WmNSTON, A.B. Security for the GPLAN system. Inform. Syst. 2, 2 (1976), 41-48.Google ScholarCross Ref
- 6 CODASYL. Data Base Task Group Report. April 1971 (available from ACM, New York).Google Scholar
- 7 CONWAY, R.W., MAXWELL, W.L., AND MORGAN, H.L. On the implementation of security measures in information systems. Comm. A CM 15, 4 (April 1972), 211-220. Google ScholarDigital Library
- 8 DENNING, D.E. Secure information flow in computer systems. Ph.D. Diss., Comptr. Sci. Dept., Purdue U., W. Lafayette, Ind., May 1975. Google ScholarDigital Library
- 9 DENN:NG, D.E. A lattice model of secure information flow. Comm. ACM 19, 5 (May 1976), 236-242. Google ScholarDigital Library
- 10 FERNANDEZ, E.B., SUMMERS, R.C., ANY COLEMAN, C.D. An authorization model for a shared data base. Proc. ACM-SIGMOD Conf., San Jose, Calif., May 1975, pp. 23-31. Google ScholarDigital Library
- 11 GRINDER, J.T., AND ELGIN, S.H. Guide to Transformational Grammar. Holt, Rinehart and Winston, New York, 1973.Google Scholar
- 12 HARVSON, H.R. Languages for specifying protection requirements in data base systems--a semantic model. Tech. Rep., Comptr. and Inform. Sci. Res. Ctr., Ohio State U., Columbus, Ohio, Aug. 1975.Google Scholar
- 13 HARTSON, H.R., AND I'tSIAO, D.K. A semantic model for data base protection languages. In Systems for Large Data Bases, P. Lockemann and E. Neuhold, Eds., North-Holland Pub. Co., Amsterdam, 1976, pp. 27-42. Google ScholarDigital Library
- 14 HARTSON, I'I.R., AND HSIAO, D.K. Full protection specifications in the semantic model for data base protection languages. Proc. 1976 ACM Nat. Conf., Houston, Tex., 1976, pp. 90-95. Google ScholarDigital Library
- 15 HASEMAN, W.D. GPLAN: an operational DSS. Database (ACM) 8, 3 (Winter 1977), 73-78. Google ScholarDigital Library
- 16 HASEMAN, W.D., AND WHINSTON, A.B. Introduction to Data Management. Richard D. Irwin, Homewood, Ill., 1977.Google Scholar
- 17 HELD, G.D., STONEB~AKER, M.R., AND WONG, E. INGRES--a relational data system. Proc. AFIPS 1975 NCC, AFIPS Press, Montvale, N.j., 1975, pp. 409-416.Google Scholar
- 18 HOFFMAN, L.J. The formulary model for flexible privacy and access control. Proc. AFIPS 1971 FJCC, AFIPS Press, Montvale, N.J., 1971, pp. 587--601.Google ScholarDigital Library
- 19 HOPCROFT, J.E., AND ULLMAN, J.D. Formal Languages and Their Relation to Automata. Addison-Wesley, Reading, Mass., 1969. Google ScholarDigital Library
- 20 Josm, A.K. Remarks on some aspects of language structure and their relevance to pattern analysis. Pattern Recognition 5 (1973), 347-360.Google Scholar
- 21 KIMBALL, J.P. The Formal Theory of Grammar. Prentice-Hall, Englewood Cliffs, N.J., 1973.Google Scholar
- 22 MILLER, J.S., P~PE, J.T., M:KKELSON, C.M., AND W~G~RE:~, B. A description of a programming language for the AADC. intermetrics Rep. CDRB003, Naval Electronics Laboratory, Washington, D.C., April 1973.Google Scholar
- 23 MORRIS, J.H. JR. Protection in programming languages. Comm. ACM 16, 1 (Jan. 1973), 15-21. Google ScholarDigital Library
- 24 Row~T, N. An Introduction to Generative Grammar. Transl. by N.S.I.I. Smith, North- Holland Pub. Co., Amsterdam, 1973.Google Scholar
- 25 Saltzer, J.H. Protection and the control of information sharing in Multics. Comm. ACM 17, 7 (July 1974), 388-402. Google ScholarDigital Library
- 26 SUMMERS, R.D., COLEMAN, C.D., AND FERNJ{NDEZ, E.B. A programming language approach to secure data base access. Tech. Rep. G320-2662, IBM Corp., Yorktown Heights, N.Y., May 1974.Google Scholar
- 27 WH:NSTON, A.B., AND I'IAsEMAN, W.D. A data base for nonprogrammers. Datamation 21, 5 (May 1975), 101-107.Google Scholar
Index Terms
- A transformational grammar-based query processor for access control in a planning system
Recommendations
Constraints-based access control
Das'01: Proceedings of the fifteenth annual working conference on Database and application securityThe most important aspect of security in a database after establishing the authenticity of the user is its access control mechanism. The ability of this access control mechanism to express the security policy can make or break the system.This paper ...
An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security
ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed SystemsRole-based access control (RBAC) is a widely-used protocol to design and build an access control for providing the system security regarding authorization. Even though in the context of internet resources access, the authentication and access control ...
Domain Administration of Task-role Based Access Control for Process Collaboration Environments
IAS '09: Proceedings of the 2009 Fifth International Conference on Information Assurance and Security - Volume 01The fast evolving workflow technologies facilitate organizations to interact and cooperate with each other to achieve their business goals by process collaborations. Task-role based access control is an important security mechanism to protect data and ...
Comments