Managing Multi-dimensional Multi-granular Security Policies Using Data Warehousing

  • Conference paper
Network and System Security (NSS 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9408)

Abstract

Over the last several years, sophisticated access control models have been proposed to take into account different dimensions such as time, space, role, context, attribute, etc. These enable specification of fine-grained access control policies that can better express evolving organizational needs. However, there is no comprehensive solution that can uniformly specify, evaluate, maintain and analyze this multitude of policies in a consistent fashion. In this paper, we show that specifying and enforcing access control policies of multiple granularities and dimensions can be transformed into the problem of storing and querying data at multiple granularities and dimensions. Specifically, we develop a unified schema to represent several standard access control policies and show how they can be automatically evaluated. We have implemented the system in Oracle, and evaluated its scalability.



Author information

Correspondence to Jaideep Vaidya.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Singh, M.P., Sural, S., Atluri, V., Vaidya, J., Yakub, U. (2015). Managing Multi-dimensional Multi-granular Security Policies Using Data Warehousing. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_15

  • DOI: https://doi.org/10.1007/978-3-319-25645-0_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25644-3

  • Online ISBN: 978-3-319-25645-0

  • eBook Packages: Computer Science, Computer Science (R0)
