An Extended Authorization Model for Relational Databases
January-February 1997 (vol. 9 no. 1)
pp. 85-101

Abstract—We propose two extensions to the authorization model for relational databases defined originally by Griffiths and Wade. The first extension concerns a new type of revoke operation, called noncascading revoke operation. The original model contains a single, cascading revoke operation, meaning that when a privilege is revoked from a user, a recursive revocation takes place that deletes all authorizations granted by this user that do not have other supporting authorizations. The new type of revocation avoids the recursive revocation of authorizations. The second extension concerns negative authorization which permits specification of explicit denial for a user to access an object under a particular mode. We also address the management of views and groups with respect to the proposed extensions.
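The two revoke semantics described in the abstract, as an added example that is not code from the paper: a small authorization table in which a grant is supported only by an authorization that is older than it (the Griffiths-Wade timestamp rule), a cascading revoke that recursively deletes unsupported grants, and a noncascading revoke. The rule used for the noncascading case, re-attributing orphaned grants to the revoker so the rest of the chain keeps a valid support, is an assumption made for this example, not something the page states.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    ts: int  # grant time; only authorizations older than ts can support this grant

class AuthTable:
    """Authorizations for one privilege on one object; the owner needs no grant."""

    def __init__(self, owner: str):
        self.owner = owner
        self.grants: set[Grant] = set()
        self.clock = 0

    def holders(self) -> set[str]:
        return {self.owner} | {g.grantee for g in self.grants}

    def supported(self, g: Grant) -> bool:
        # Griffiths-Wade rule: the grantor must have held the privilege before granting it.
        if g.grantor == self.owner:
            return True
        return any(h.grantee == g.grantor and h.ts < g.ts for h in self.grants)

    def grant(self, grantor: str, grantee: str) -> None:
        if grantor not in self.holders():
            raise PermissionError(f"{grantor} does not hold the privilege")
        self.clock += 1
        self.grants.add(Grant(grantor, grantee, self.clock))

    def _drop(self, grantor: str, grantee: str) -> None:
        self.grants = {g for g in self.grants if (g.grantor, g.grantee) != (grantor, grantee)}

    def revoke_cascading(self, grantor: str, grantee: str) -> None:
        self._drop(grantor, grantee)
        while True:  # recursive revocation: delete unsupported grants until a fixpoint
            unsupported = {g for g in self.grants if not self.supported(g)}
            if not unsupported:
                return
            self.grants -= unsupported

    def revoke_noncascading(self, grantor: str, grantee: str) -> None:
        self._drop(grantor, grantee)
        # Assumption for this example (not stated on the page): grants that lost their
        # support are re-attributed to the revoker, so nothing further down is deleted.
        orphaned = {g for g in self.grants if not self.supported(g)}
        self.grants -= orphaned
        self.grants |= {replace(g, grantor=grantor) for g in orphaned}
```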

[1] M.M. Astrahan, M.W. Blasgen, D.D. Chamberlin, K.P. Eswaran, J.N. Gray, P.P. Griffiths, W.F. King, R.A. Lorie, P.R. McJones, J.W. Mehl, G.R. Putzolu, I.L. Traiger, B.W. Wade, and V. Watson, "System R: Relational Approach to Database Management," ACM Trans. Database Systems, vol. 1, no. 2, pp. 97-137, June 1976.
[2] F. Bancilhon and N. Spyratos, "Update Semantics of Relational Views," ACM Trans. Database Systems, vol. 6, no. 4, pp. 557-575, Dec. 1981.
[3] R.W. Baldwin, "Naming and Grouping Privileges to Simplify Security Management in Large Databases," Proc. IEEE Symp. Security and Privacy, Oakland, Calif., pp. 116-132, Apr. 1990.
[4] E. Bertino, C. Bettini, and P. Samarati, "A Temporal Authorization Model," Proc. Second ACM Conf. Computer and Communications Security, Fairfax, Va., pp. 126-135, Nov. 1994.
[5] E. Bertino, P. Samarati, and S. Jajodia, "An Extended Authorization Model for Relational Databases," internal report, extended version, pp. 1-60, 1994.
[6] E. Bertino and L.M. Haas, "Views and Security in Distributed Database Management Systems," Proc. First Int'l Conf. Extending Database Technology (EDBT), Venice, Italy, Lecture Notes in Computer Science, vol. 303, pp. 155-169, Springer-Verlag, 1988.
[7] V. Brosda and G. Vossen, "Update and Retrieval in a Relational Database through a Universal Schema Interface," ACM Trans. Database Systems, vol. 13, no. 4, pp. 449-485, Dec. 1988.
[8] On the technical history of System R, see D.D. Chamberlin et al., "A History and Evaluation of System R," Comm. ACM, vol. 24, no. 10, pp. 632-646, 1981. On the history of database design generally, see J. Gray, "Evolution of Data Management," Computer, vol. 29, no. 10, pp. 38-46, 1996, and A. Silberschatz, M. Stonebraker, and J. Ullman, "Database Systems: Achievements and Opportunities," Comm. ACM, vol. 34, no. 10, pp. 110-120, 1991. For a brief popular gloss on System R, see S. Lohr, Go To, Basic Books, New York, pp. 161-168, 2001.
[9] S. Cosmadakis and C.H. Papadimitriou, "Updates of Relational Views," J. ACM, vol. 31, no. 4, pp. 742-760, Oct. 1984.
[10] Department of Defense, Trusted Computer System Evaluation Criteria, DoD 5200.28-STD, Dec. 1985.
[11] N. Gal-Oz, E. Gudes, and E.B. Fernandez, "A Model of Methods Access Authorization in Object-Oriented Databases," Proc. Int'l Conf. Very Large Data Bases, Dublin, Ireland, pp. 52-61, Aug. 1993.
[12] R. Fagin, "On an Authorization Mechanism," ACM Trans. Database Systems, vol. 3, no. 3, Sept. 1978.
[13] R. Gagliardi, G. Lapis, and B.G. Lindsay, "A Flexible and Efficient Database Authorization Facility," IBM Research Report RJ6826, 1989.
[14] P.P. Griffiths and B.W. Wade, "An Authorization Mechanism for a Relational Database System," ACM Trans. Database Systems, vol. 1, no. 3, pp. 242-255, Sept. 1976.
[15] Informix-OnLine/Secure Security Features User's Guide, Informix Software Inc., Menlo Park, Calif., Apr. 1993.
[16] R. Langerak, "View Updates in Relational Databases with an Independent Scheme," ACM Trans. Database Systems, vol. 15, no. 1, pp. 40-66, Dec. 1990.
[17] Oracle7 Server Administrator's Guide, Oracle Corp., Redwood City, Calif., Dec. 1992.
[18] "Database Language SQL2" (ISO/ANSI working draft), J. Melton, ed., ANSI X3H2-90-309, Aug. 1990.
[19] T.F. Lunt, "Access Control Policies for Database Systems," Database Security, II: Status and Prospects, C.E. Landwehr, ed., North-Holland: Elsevier Science Publishers B.V., pp. 41-52, 1989.
[20] T.F. Lunt et al., "Secure Distributed Data Views," vols. 1-4, SRI International, Palo Alto, Calif., 1989.
[21] F. Rabitti, E. Bertino, W. Kim, and D. Woelk, "A Model of Authorization for Next-Generation Database Systems," ACM Trans. Database Systems, vol. 16, no. 1, pp. 88-131, 1994.
[22] R. Sandhu and P. Samarati, "Access Control: Principles and Practice," IEEE Comm. Magazine, pp. 40-48, Sept. 1994.
[23] M. Satyanarayanan, "Integrating Security in a Large Distributed System," ACM Trans. Computer Systems, vol. 7, no. 3, pp. 247-280, Aug. 1989.
[24] P.G. Selinger, "Authorizations and Views," Distributed Data Bases, I.W. Draffan and F. Poole, eds., Cambridge, Mass.: Cambridge Univ. Press, pp. 233-246, 1980.
[25] P.F. Wilms and B.G. Lindsay, "A Database Authorization Mechanism Supporting Individual and Group Authorization," Distributed Data Sharing Systems, R.P. van de Riet and W. Litwin, eds., North-Holland: Elsevier Science, pp. 273-292, 1982.

Index Terms:
Database systems, relational database, access control, authorization, security, protection, privacy, revocation of authorizations.
Elisa Bertino, Pierangela Samarati, Sushil Jajodia, "An Extended Authorization Model for Relational Databases," IEEE Transactions on Knowledge and Data Engineering, vol. 9, no. 1, pp. 85-101, Jan.-Feb. 1997, doi:10.1109/69.567051