[Article summary]
... Access Control

- Inference problem occurs when users pose queries and deduce unauthorized information from the legitimate responses
  - Security constraint processing for controlling inferences
  - More recently there is work on controlling release information instead of controlling access to information
- Temporal Access Control Models
  - Incorporates time parameter into the access control models
- Role-based access control
  - Controlling access based on roles of people and the activities they carry out; implemented in commercial systems
- Positive and Negative Authorizations
  - Should negative authorizations be explicitly specified? How can conflicts be resolved?

Some Examples

- Temporal Access Control
  - After 1/1/05, only doctors have access to medical records
- Role-based Access Control
  - Manager has access to salary information
  - Project leader has access to project budgets, but he does not have access to salary information
  - What happens if the manager is also the project leader?
- Positive and Negative Authorizations
  - John has write access to EMP
  - John does not have read access to DEPT
  - John does not have write access to Salary attribute in EMP
  - How are conflicts resolved?

Privacy Constraints / Access Control Rules

- Privacy constraints processing
  - Simple constraint: an attribute of a document is private
  - Content-based constraint: if document contains information about X, then it is private
  - Association-based constraint: two or more documents taken together are private; individually each document is public
  - Release constraint: after X is released, Y becomes private
- Augment a database system with a privacy controller for constraint processing

Integrated Architecture for Privacy Constraint Processing

- User Interface Manager
- Constraint Manager
- Privacy Constraints
- Query Processor: constraints during query and release operations
- Update Processor: constraints during update operation
- XML Database Design Tool: constraints during database design operation
- Database
- Relational DBMS

Other Policies

- Trust Policies
  - To what extent do you trust the source of the data
  - How can trust be propagated
  - Adding trust value to each piece of data
  - A trusts B and B trusts C, does this mean A trusts C?
  - A department head sends messages to all the faculty; however, he/she may not trust a particular person
  - Developing a language to specify trust
- Integrity Policies
  - Maintaining the quality of the data
  - Adding an attribute to each piece of data to specify the quality
  - Quality also depends on how much you trust the source
  - Algebra for data quality

Access Control in Databases: Next Steps

- Access Control in Databases will continue to be very important
  - We also need to examine alternatives
- We need new kinds of access control models
  - 1975 models may not be suitable for emerging applications such as semantic web, e-commerce and stream data management
  - Role-based access control has become very popular and is implemented now in commercial systems. What variations of this model are appropriate for emerging applications?
- End-to-end security is critical
  - We cannot have secure databases and have insecure networks and middleware; composability
- Flexible security policies
  - Confidentiality, Authenticity, Completeness, Integrity, Trust, Privacy, Data Quality, etc.

Policies

- Need to Know to Need to Share
- RBAC
- UCON
- ABAC
- Dissemination
- Risk based access control
- Trust Management/Credential/Disclosure
- Directions
- Major conferences for Policy and Access Control: IEEE Policy Workshop, ACM SACMAT

Need to Know to Need to Share

- Need to know policies during the cold war; even if the user has access, does the user have a need to know?
- Post 9/11 the emphasis is on need to share
  - User may not have access, but needs the data
- Do we give the data to the user and then analyze the consequences
- Do we analyze the consequences and then determine the actions to
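The four privacy constraint types listed under "Privacy Constraints / Access Control Rules" (simple, content-based, association-based, release) can be enforced by a small privacy controller that keeps a release history, as in this added example, which is not part of the original slides. The class name, document ids, topics and policy values are constructed for illustration, and one controller per user session is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class PrivacyController:
    """One instance per user session (assumption), so history is per user."""
    private_attrs: set = field(default_factory=set)    # simple: (doc, attribute)
    private_topics: set = field(default_factory=set)   # content-based: topic X
    associations: list = field(default_factory=list)   # sets private only together
    release_rules: dict = field(default_factory=dict)  # X -> docs private after X
    released: set = field(default_factory=set)         # what this user already got

    def _blocked(self, doc_id, topics):
        if set(topics) & self.private_topics:
            return "content"
        if any(doc_id in self.release_rules.get(x, ()) for x in self.released):
            return "release"
        for group in self.associations:
            # Deny the document that would complete a private combination.
            if doc_id in group and set(group) - {doc_id} <= self.released:
                return "association"
        return None

    def release(self, doc_id, fields, topics=()):
        """Return (view, None) on release or (None, violated_constraint)."""
        reason = self._blocked(doc_id, topics)
        if reason:
            return None, reason
        view = {k: v for k, v in fields.items()
                if (doc_id, k) not in self.private_attrs}
        self.released.add(doc_id)
        return view, None

def demo():
    # Constructed policy and documents, for illustration only.
    pc = PrivacyController(
        private_attrs={("emp", "salary")},
        private_topics={"diagnosis"},
        associations=[{"roster", "schedule"}],
        release_rules={"summary": {"details"}},
    )
    requests = [
        ("emp", {"name": "John", "salary": 50000}, ()),
        ("chart", {"text": "..."}, ("diagnosis",)),
        ("roster", {"text": "..."}, ()),
        ("schedule", {"text": "..."}, ()),
        ("summary", {"text": "..."}, ()),
        ("details", {"text": "..."}, ()),
    ]
    return [(doc_id, *pc.release(doc_id, f, t)) for doc_id, f, t in requests]
```

Because the association and release checks depend on what has already been released, the same document can be public for one request order and private for another; this is the release-time control the slides contrast with plain access control.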