{"title":"A symmetrical approach to granting and revoking access rights in database management systems","authors":"D. Goldberg, A. Orooji","doi":"10.1109/CMPSAC.1990.139339","DOIUrl":null,"url":null,"abstract":"The concept of independent revocation is described where an authorizer specifies revocation independently of the current status of authorization. Some of the aspects relating to the implementation of a system providing independent revocation were discussed. Revocation is first discussed in terms of formal models of authorization. The concept of an access matrix is introduced, and extended to allow for the specification of a condition for database systems. Then the general idea of independent revocation is considered in terms of this extended access matrix. Second, an actual implementation of a system which provides independent revocation is presented. The system, RRDS (Relational Replicated Database System) provides a DISALLOW command which gives the authorizer the capability to specify the data that a user should not be allowed to access. Finally, the applicability of independent revocation to database system in general is explored. 
It is concluded that independent revocation is applicable to a variety of systems, including some major systems currently in existence.","PeriodicalId":127509,"journal":{"name":"Proceedings., Fourteenth Annual International Computer Software and Applications Conference","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1990-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings., Fourteenth Annual International Computer Software and Applications Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CMPSAC.1990.139339","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 1
Abstract
The concept of independent revocation is described, in which an authorizer specifies revocation independently of the current status of authorization. Some of the aspects relating to the implementation of a system providing independent revocation are discussed. Revocation is first discussed in terms of formal models of authorization. The concept of an access matrix is introduced and extended to allow for the specification of a condition for database systems. Then the general idea of independent revocation is considered in terms of this extended access matrix. Second, an actual implementation of a system which provides independent revocation is presented. The system, RRDS (Relational Replicated Database System), provides a DISALLOW command which gives the authorizer the capability to specify the data that a user should not be allowed to access. Finally, the applicability of independent revocation to database systems in general is explored. It is concluded that independent revocation is applicable to a variety of systems, including some major systems currently in existence.