Journal of Intelligent Information Systems, Volume 38, Issue 1, pp 131–159

A relational database integrity framework for access control policies

  • Romuald Thion
  • Stéphane Coulondre


Access control is one of the most common and versatile mechanisms used for information systems security enforcement. An access control model formally describes how to decide whether an access request should be granted or denied. Since the role-based access control initiative was proposed in the 1990s, several access control models have been studied in the literature. An access control policy is an instance of a model: it defines the set of basic facts used in the decision process. Policies must satisfy a set of constraints defined in the model, which reflect high-level organizational requirements. First-order logic has been advocated for some time as a suitable framework for access control models, and many frameworks have been proposed, focusing mainly on expressing complex access control models. However, although formally expressed, constraints are not defined in a unified language that could lead to well-founded and generic enforcement procedures. We therefore make a clear distinction by proposing a logical framework that focuses primarily on constraints, while keeping as much as possible a unified way of expressing constraints, policies, models, and reference monitors. This framework is closely tied to relational database integrity models. We then show how to use well-founded procedures in order to enforce and check constraints. Without requiring any rewriting prior to the inference process, these procedures provide clean and intuitive debugging traces for administrators. This approach is a step toward bridging the gap between general but hard-to-maintain formalisms and effective but insufficiently general ones.
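The abstract describes policies as relational facts, model constraints as database-style dependencies, and enforcement as well-founded inference that leaves a debugging trace. The following Python program is an added illustration of that idea and is not code from the paper or its authors: it stores a small role-based policy as relations (`UA`, `RH`, `SSD`), writes two kinds of constraints as dependencies over those relations (full tuple-generating dependencies that the chase procedure enforces by adding tuples, and denial constraints whose matches are reported as violations), and records which dependency introduced each derived tuple so that a violation can be explained back to the administrator. The relation names, the dependency syntax, and the sample policy are all constructed for this example; only full dependencies (no existential variables in heads) are supported, which is what guarantees that the chase terminates.

```python
"""Dependency checking over a relational access-control policy (added example).

Relations (constructed for this example):
  UA(user, role)     user-to-role assignment
  RH(senior, junior) role hierarchy, senior inherits junior
  SSD(r1, r2)        statically mutually exclusive roles
Atoms are (relation, args); an argument starting with '?' is a variable.
"""


def is_var(term):
    return isinstance(term, str) and term.startswith("?")


def match_atom(atom, tup, binding):
    """Unify one atom against one stored tuple, extending the binding."""
    _, args = atom
    if len(args) != len(tup):
        return None
    bound = dict(binding)
    for arg, val in zip(args, tup):
        if is_var(arg):
            if arg in bound and bound[arg] != val:
                return None
            bound[arg] = val
        elif arg != val:
            return None
    return bound


def satisfy_body(body, db, binding=None):
    """Yield (binding, witnesses) for every join of the body atoms in db."""
    binding = binding or {}
    if not body:
        yield binding, []
        return
    first, rest = body[0], body[1:]
    for tup in sorted(db.get(first[0], set())):      # copy: db may change
        bound = match_atom(first, tup, binding)
        if bound is None:
            continue
        for bound2, wit in satisfy_body(rest, db, bound):
            yield bound2, [(first[0], tup)] + wit


def instantiate(atom, binding):
    rel, args = atom
    return rel, tuple(binding[a] if is_var(a) else a for a in args)


def chase(db, tgds):
    """Apply full TGDs to a fixpoint. Returns (db, trace of derived tuples)."""
    db = {rel: set(tups) for rel, tups in db.items()}
    trace = []                        # (dependency, relation, tuple, witnesses)
    changed = True
    while changed:
        changed = False
        for name, body, head in tgds:
            for bound, wit in list(satisfy_body(body, db)):
                for atom in head:
                    rel, tup = instantiate(atom, bound)
                    if tup not in db.setdefault(rel, set()):
                        db[rel].add(tup)
                        trace.append((name, rel, tup, wit))
                        changed = True
    return db, trace


def check_denials(db, denials):
    """Return unique violations as (constraint name, witnessing tuples)."""
    seen, out = set(), []
    for name, body in denials:
        for bound, wit in satisfy_body(body, db):
            key = (name, frozenset(bound.values()))   # symmetric matches collapse
            if key not in seen:
                seen.add(key)
                out.append((name, wit))
    return out


def explain(violation, trace):
    """Debugging trace: which tuples witness the violation, and for derived
    tuples, which dependency introduced them and from what."""
    name, wit = violation
    derived = {(rel, tup): (dep, w) for dep, rel, tup, w in trace}
    lines = [f"violation of {name}:"]
    for rel, tup in wit:
        if (rel, tup) in derived:
            dep, w = derived[(rel, tup)]
            lines.append(f"  {rel}{tup} derived by {dep} from {w}")
        else:
            lines.append(f"  {rel}{tup} (stated in policy)")
    return lines


def audit(policy, tgds, denials):
    db, trace = chase(policy, tgds)
    return db, trace, check_denials(db, denials)


# Constructed sample policy: alice is a manager and an auditor; managers
# inherit clerk; auditor and clerk are mutually exclusive.  The conflict
# only becomes visible after inheritance has been chased.
POLICY = {
    "UA": {("alice", "manager"), ("alice", "auditor"), ("bob", "clerk")},
    "RH": {("manager", "clerk")},
    "SSD": {("auditor", "clerk")},
}
TGDS = [
    ("role-inheritance", [("UA", ("?u", "?r")), ("RH", ("?r", "?s"))], [("UA", ("?u", "?s"))]),
    ("hierarchy-transitivity", [("RH", ("?a", "?b")), ("RH", ("?b", "?c"))], [("RH", ("?a", "?c"))]),
    ("ssd-symmetry", [("SSD", ("?a", "?b"))], [("SSD", ("?b", "?a"))]),
]
DENIALS = [
    ("static-sod", [("UA", ("?u", "?r1")), ("UA", ("?u", "?r2")), ("SSD", ("?r1", "?r2"))]),
]

if __name__ == "__main__":
    _, trace, violations = audit(POLICY, TGDS, DENIALS)
    for v in violations:
        print("\n".join(explain(v, trace)))
```

Running the block reports one static separation-of-duty violation for `alice` and shows that `UA('alice', 'clerk')` was not stated by the administrator but derived by `role-inheritance` from `UA('alice', 'manager')` and `RH('manager', 'clerk')`, which is the kind of trace the abstract argues an administrator needs. Enforcing the tuple-generating dependencies before checking the denial constraints matters: on the stated facts alone the policy looks compliant.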


Keywords: Integrity model; Dependencies; Authorization; Access control; Inference



Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. Université de Lyon, Lyon, France
  2. Université de Lyon, Lyon, France
