Scalable Access Policy Administration (Invited Paper)

Opinions and a Research Agenda
  • Arnon Rosenthal
Conference paper
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 193)


The emerging world of large, loosely coupled information systems requires major changes to the way we approach security research. For many years, we have proposed construct after construct to enhance the power and scope of policy languages. Unfortunately, this focus has led to models whose complexity is unmanageable, to reinventing technologies that other subdisciplines have done better, and to assumptions that large enterprises simply do not satisfy. We argue that it is time to emphasize a different challenge: radical scale-up. To achieve this, it will be crucial to emphasize simplicity, integration with (non-security) enterprise knowledge, and modularity for both models and administration. This position paper will illustrate the problems, and describe possible ways to achieve the desired capabilities.

Key words

Policy administration, access policy, scale, role based access control, semantic web, simplicity, security, privacy



Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Arnon Rosenthal, The MITRE Corporation, USA
