Handbook of Database Security: Applications and Trends
Then we address several tools for policy modeling and generation which help users in capturing security concerns during the design, and developing the security policies and functions during the implementation.
A fundamental task in data management is to specify the access control policies that control each request to the data handled by the system and determine whether the request should be granted or denied. With these tools, the business stakeholders are able to capture and integrate security concerns at a higher business level, and the developers can easily associate the security-related requirements with the security policies and the implementation. Moreover, as Web services become more and more common, the WS-Policy framework for Web services is also well known.
The example is a Web-based paper review application that simulates a typical anonymous paper-reviewing process. The review summary XML document stores all of the information and the states for the reviewing process, such as the author information and the evaluation results. Any operation in the paper review process can be represented as an access to the XML document, such as a read access to the paper id attribute or an update access to the result element.
We need to specify appropriate access control policies that will be enforced on this XML document in order to support the anonymous paper reviewing process. Rule R1 is the default policy for the chairperson. Rule R3 allows the reviewers to read any node below the entry element except for the authorName element. Rule R4 allows the reviewers to update their rating element.
Rule R5 allows authors access to their paper submission.
R1: The chairperson can read any elements, attributes and text nodes of the review document.
R3: Each reviewer can read the entry element and any subordinate nodes assigned to him except for the authorName.
R5: Each author can read his own submission entry except for the review elements.
An access control policy example
For example, when the chairperson issues a read access request for the authorName element, the access should be permitted according to R1.
On the other hand, when a reviewer tries to read the authorName element, the access should be denied according to R3. It allows application developers to specify policies at the element and attribute levels with various conditional expressions.
ISBN 13: 9781441943057
XACL uses XPath expressions to specify the targets of a policy with either positive or negative permissions. Policy Syntax and Semantics. With regard to the authorization objects, XACL only supports XPath expressions as an href attribute of the object element. There are four types of authorization actions in XACL: read, write, create, and delete. Figure 3 expresses Rule R3 of Figure 2. Since XACL supports downward propagation from the target node by default, any subordinate nodes below the entry element, e.
Binding Scheme. There are two fundamental approaches. Therefore, one needs to maintain the mapping between a particular DTD and the associated policy. In this case, an associated policy, which is encoded as a policy element, may be an element contained within the target document. Basic Matching Algorithm The access control system basically takes an authorization request as input and outputs an authorization decision including provisional actions.
The access control enforcement may consist of the basic matching algorithm and the policy evaluation algorithm. Input: An authorization request which contains a requested object, a subject for the requester, and the action. Output: A decision list, which may contain multiple decisions. Step 1. Step 3.
Condition-Check: For each of the remaining xacl elements, check if it meets the condition. Step 4. We note that this algorithm always outputs exactly one authorization decision. Input: An authorization request. Output: A decision of grant or deny. Step 2. Default Resolution: If there is no authorization decision in the list, make a decision according to the default policy and append it to the decision list. Select one decision: Select one evaluation result from the list containing at least one decision. The scope of this language is to cover access control systems as broadly as possible.
XACML achieves interoperability of access control policies among heterogeneous computing platforms. PDP retrieves applicable access control policies from Policy Administration Point PAP and makes the decision using the relevant policies and the request context. In addition, Rule can be evaluated in isolation to form a basic unit of management and can be reused in multiple policies when PolicySet is used to specify multiple policies simultaneously.
The semantics of the propagation to subordinate nodes is handled by the xpath-node-match matching function. R states that a read access to the authorName element is denied. These three rules are combined by the denial-overrides algorithm, which basically means that if any rule evaluates to deny, then the result of the rule combination should be deny. For example, R permits read access to the authorName element while R explicitly denies the access. Then the denial-overrides algorithm concludes that the access to the entry element should be denied.
Various rule combining algorithms, in particular, Permit-overrides, Only-one-applicable, and First-applicable, are supported besides the Deny-overrides algorithm of the previous example. The Permit-overrides algorithm is a procedure such that if there exists any rule that evaluates to permit, then the decision is permit. However, if all of the rules evaluate to not applicable, or some rules evaluate to deny but some evaluate to not applicable, then the decision is deny.
The Only-one-applicable algorithm says that if more than one rule applies, then the decision is indeterminate. If no rule applies, then the result is not applicable. If only one policy applies, the decision is evaluated by that rule. The First-applicable algorithm is a procedure such that the rules are evaluated in the order of appearance in the policy. access target matches and the optional conditions match, is used to decide the result of the request.
Figure caption: XACML access control policy corresponding to R3
Naizhen Qi and Michiharu Kudo
These decision combining algorithms allow administrators to provide various levels of security restrictions on their sensitive data.
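The combining behaviour described above, as an added example that is not code from the handbook: rules R1 and R3 are evaluated against a constructed review document under Deny-overrides and First-applicable. The document layout, the tuple encoding of the rules, and all function names are assumptions; each request names a single node, and Indeterminate results are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the review summary document; element names follow the
# text, the layout is an assumption.
DOC = ET.fromstring(
    "<review_summary><entry id='1'>"
    "<authorName>Carol</authorName><reviewer>Robert</reviewer>"
    "<rating>3</rating></entry></review_summary>")

# (id, role, action, target path, effect) in policy order. R3 is split into its
# permit part and its authorName exception (hypothetical encoding).
RULES = [
    ("R1", "chairperson", "read", ".", "Permit"),
    ("R3-permit", "reviewer", "read", "entry", "Permit"),
    ("R3-deny", "reviewer", "read", "entry/authorName", "Deny"),
]

def covered(target_path, node_path):
    """True if node_path names a target node or one of its subordinates."""
    wanted = DOC.find(node_path)
    return wanted is not None and any(
        wanted is n for t in DOC.findall(target_path) for n in t.iter())

def applicable(role, action, node_path):
    """Effects of all rules matching subject, action and target, in order."""
    return [eff for _, r, a, tgt, eff in RULES
            if r == role and a == action and covered(tgt, node_path)]

def deny_overrides(effects):
    if "Deny" in effects:
        return "Deny"
    return "Permit" if effects else "NotApplicable"

def first_applicable(effects):
    return effects[0] if effects else "NotApplicable"

def decide(role, action, node_path, combine=deny_overrides):
    return combine(applicable(role, action, node_path))

if __name__ == "__main__":
    for role, path in [("chairperson", "entry/authorName"),
                       ("reviewer", "entry/rating"),
                       ("reviewer", "entry/authorName")]:
        print(role, path, decide(role, "read", path),
              decide(role, "read", path, first_applicable))
```

With the permit part of R3 listed first, First-applicable returns Permit for the reviewer's read of authorName while Deny-overrides returns Deny, so an exception rule must precede the broader rule whenever an order-dependent algorithm is chosen.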
Access Request. Each request may contain multiple Subject elements and multiple attributes for the Subject, Resource and Action. The request context consists of three sub-structures: Subject information, Resource information, and Action information, each consisting of one or more attribute type-value pairs.
In this example, subject-id and role are attribute types and Robert and reviewerName are attribute values, respectively. The target XML document is referred to from the access control policy using the AttributeSelector function. This is one of the advantages of the XACML policy model that allows the policy to refer to any of the values of the target XML data as embedded in the Request Context and to compare those values against constant values.
Access Response. In our example, the decision is Deny since the requested entry element contains an AuthorName element that should not be accessible to the Reviewer. WS-Policy is critical to achieve interoperability for the high-level functional operation of the Web services.
The wrapper itself has limited semantics, leaving the details to the policy assertions from various domains such as security, privacy, application priority, user account priorities, and traffic control. Some of these assertions specify traditional requirements and capabilities that will ultimately be manifested on the wire i. WS-Policy provides a single policy grammar to allow both kinds of assertions in a consistent manner. A policy is composed of policy expressions that may each contain only one of the policy operations, policy assertions, or policy reference.
As an example, Figure 8 gives a simple policy example in the security domain. People also want to be able to address the underlying security concerns in ways that are easy to understand, and so that they can identify the particular technical implementations. Moreover, recently attention has been increasingly given to the techniques and tools required for architecting enterprise-scale software solutions.
Footnote 3: Since WS-Policy is introduced in detail in Chapter 13 of Security and Web Services, we do not go deeply into it in this section.
Access Control Policy Languages in XML
Many enterprises extend the life of an existing solution by designing new business logic that manipulates existing data resources, presenting existing data and transactions through new channels, integrating previously disconnected systems supporting overlapping business activities, and so on.
The design of a high-quality solution therefore also calls for early architectural decisions on privacy and security. During the policy modeling process, system requirements, organizational security and privacy policies, and organizational structures are analyzed to specify access control policies. Several approaches have been proposed in the area of policy modeling with UML.
Brose et al. Their underlying security models are multi-level security and mandatory access control. These approaches focus more on system implementation representations, which make it hard for business stakeholders to capture enterprise-scale security requirements at a higher business level. Johnston introduces an approach that provides a set of primitive modeling elements to allow the users to specify the intention of the security within the requirements process. They generalize the security issues as four domains: Privacy, Authentication, Authorization, and Audit.
Figure 9 demonstrates the dependencies between these four domains. For example, it is not possible to implement authorization without authentication. On the other hand, both authorization and authentication rely on auditing, not for implementation but to ensure that any exceptions are captured for analysis and for non-repudiation. Privacy relies on both authentication and auditing.