Applying Semantic Knowledge to Real-Time Update of Access Control Policies
June 2005 (vol. 17 no. 6)
pp. 844-858
Real-time update of access control policies, that is, updating policies while they are in effect and enforcing the changes immediately, is necessary for many security-critical applications. In this paper, we consider real-time update of access control policies in a database system. Updating policies while they are in effect can lead to potential security problems, such as access to database objects by unauthorized users. We propose several algorithms that not only prevent such security breaches but also ensure the correctness of execution. The algorithms differ from each other in the degree of concurrency provided and the semantic knowledge used. Of the algorithms presented, the most concurrency is achieved when transactions are decomposed into atomic steps. Once transactions are decomposed, the atomicity, consistency, and isolation properties no longer hold. Since the traditional transaction processing model can no longer be used to ensure the correctness of the execution, we use an alternate semantic-based transaction processing model. To ensure correct behavior, our model requires an application to satisfy a set of necessary properties, namely, semantic atomicity, consistent execution, sensitive transaction isolation, and policy-compliant. We show how one can verify an application statically to check for the existence of these properties.

Index Terms:
Access control policies, concurrency control, semantic-based transaction processing, transaction processing.
Indrakshi Ray, "Applying Semantic Knowledge to Real-Time Update of Access Control Policies," IEEE Transactions on Knowledge and Data Engineering, vol. 17, no. 6, pp. 844-858, June 2005, doi:10.1109/TKDE.2005.88