MyABDAC: Compiling XACML Policies for Attribute-Based Database Access Control

机译：MyABDAC：编译XACML策略以用于基于属性的数据库访问控制

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Attribute-based Access Control (ABAC) based on XACML can substantially improve the security and management of access rights on databases. However, existing implementations rely on high-level policy interpretation and are not as efficient as mechanisms natively supported by commodity databases. In this paper we explore advantages and challenges arising from compiling XACML policies for database access into Access Control Lists (ACLs) natively supported by the database. The main contributions are an architecture and algorithms for efficiently addressing incremental changes in attributes that could trigger changes to the ACLs. We consider this in a context of reflective database access control where attributes used in access decisions are stored in the database itself. Our implementation and experiments demonstrate a significant improvement in access decision times compared to the best available optimizations for general XACML access engines.

机译：基于XACML的基于属性的访问控制（ABAC）可以大大提高数据库访问权限的安全性和管理。但是，现有的实现依赖于高级策略解释，并且效率不如商品数据库本地支持的机制高。在本文中，我们探索了将XACML策略编译成数据库访问本机支持的访问控制列表（ACL）所带来的优势和挑战。主要贡献是用于有效解决可能触发ACL更改的属性中增量更改的体系结构和算法。我们在反射型数据库访问控制的上下文中考虑这一点，其中访问决策中使用的属性存储在数据库本身中。与常规XACML访问引擎的最佳可用优化方法相比，我们的实施和实验证明了访问决策时间的显着改善。

著录项

来源
《ACM conference on data and application security and privacy 2011》|2011年|p.97-108|共12页
会议地点 San Antonio TX(US);San Antonio TX(US)
作者
Sonia Jahid; Imranul Hoque; Carl A. Gunter; Hamed Okhravi;
展开▼
作者单位

University of Illinois at Urbana-Champaign;

University of Illinois at Urbana-Champaign;

University of Illinois at Urbana-Champaign;

University of Illinois at Urbana-Champaign;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类安全保密;
关键词
access control list; database; XACML; MySQL; attribute;

机译：访问控制列表；数据库; XACML; MySQL;属性;

相似文献

外文文献
中文文献
专利

1. XML Access Control: Mapping XACML Policies to Relational Database Tables [J] . Abd El-Aziz Ahmed Abd El-Aziz, Arputharaj Kannan The international arab journal of information technology . 2014,第6期

机译：XML访问控制：将XACML策略映射到关系数据库表
2. Managing attribute-based access control policies in a unified framework using data warehousing and in-memory database [J] . Singh Mahendra Pratap, Sural Shamik, Vaidya Jaideep, Computers & Security . 2019,第Sepa期

机译：使用数据仓库和内存数据库在统一框架中管理基于属性的访问控制策略
3. Managing attribute-based access control policies in a unified framework using data warehousing and in-memory database [J] . Singh Mahendra Pratap, Sural Shamik, Vaidya Jaideep, Computers & Security . 2019,第SEPa期

机译：使用数据仓库和内存数据库在统一框架中管理基于属性的访问控制策略
4. MyABDAC: Compiling XACML Policies for Attribute-Based Database Access Control [C] . Sonia Jahid, Imranul Hoque, Carl A. Gunter, ACM conference on data and application security and privacy . 2011

机译：myabdac：编译基于属性的数据库访问控制的XACML策略
5. Mining Meaningful Role-Based and Attribute-Based Access Control Policies. [D] . Xu, Zhongyuan. 2014

机译：挖掘有意义的基于角色和基于属性的访问控制策略。
6. An Efficient Attribute-Based Access Control (ABAC) Policy Retrieval Method Based on Attribute and Value Levels in Multimedia Networks [O] . Meiping Liu, Cheng Yang, Hao Li, 2020

机译：基于属性和值级别的多媒体网络中基于属性的有效访问控制（ABAC）策略检索方法
7. Improving reuse of attribute-based access control policies using policy templates [O] . Decat Maarten, Moeys Jasper, Lagaisse Bert, 2015

机译：使用策略模板提高基于属性的访问控制策略的重用

MyABDAC: Compiling XACML Policies for Attribute-Based Database Access Control

摘要

著录项

相似文献

相关主题

期刊订阅