BNCOD 2010: Data Security and Security Data pp 12-24 | Cite as
Access Control Using Active Rules
Conference paper
Abstract
Access to only authorized resources is provided by access control mechanisms. Active or Event-Condition-Action rules make the underlying systems and applications active by detecting and reacting to changes. In this paper, we show how active rules can be used to enforce Role-Based Access Control (RBAC) standard. First, we analyze different components of active rules and their mappings for enforcing RBAC standard. Second, we discuss how RBAC standard is enforced using active rules. Finally, we discuss how active rules extend RBAC standard to cater to a large class of applications.
Keywords
ECA Rules Role-Based Access Control Event ConstraintsPreview
Unable to display preview. Download preview PDF.
References
- 1.Sandhu, R.S., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)CrossRefGoogle Scholar
- 2.The Economic Impact of Role-Based Access Control, NIST (2002), http://www.nist.gov/director/prog-ofc/report02-1.pdf
- 3.Role-Based Access Control Case Studies and Experience, NIST, http://csrc.nist.gov/rbac/RBAC-case-studies.html
- 4.RBAC Standard, ANSI INCITS 359-2004, International Committee for IT Standards (2004)Google Scholar
- 5.Chen, F., Sandhu, R.S.: Constraints for role-based access control. In: Proc. of the ACM Workshop on RBAC, p. 14. ACM Press, New York (1996)Google Scholar
- 6.Strembeck, M., Neumann, G.: An integrated approach to engineer and enforce context constraints in RBAC environments. ACM TISSEC 7(3), 392–427 (2004)CrossRefGoogle Scholar
- 7.Adaikkalavan, R., Chakravarthy, S.: When to Trigger Active Rules?. In: Proc. of the COMAD, Mysore, India (December 2009)Google Scholar
- 8.Demers, A.J., Gehrke, J., Panda, B., Riedewald, M., Sharma, V., White, W.M.: Cayuga: A general purpose event monitoring system. In: Proc. of the CIDR, pp. 412–422 (2007)Google Scholar
- 9.Adaikkalavan, R., Chakravarthy, S.: Event Specification and Processing For Advanced Applications: Generalization and Formalization. In: Wagner, R., Revell, N., Pernul, G. (eds.) DEXA 2007. LNCS, vol. 4653, pp. 369–379. Springer, Heidelberg (2007)CrossRefGoogle Scholar
- 10.Adaikkalavan, R., Chakravarthy, S.: SnoopIB: Interval-Based Event Specification and Detection for Active Databases. DKE 59(1), 139–165 (2006)CrossRefGoogle Scholar
- 11.Carlson, J., Lisper, B.: An Interval-Based Algebra for Restricted Event Detection. In: Larsen, K.G., Niebert, P. (eds.) FORMATS 2003. LNCS, vol. 2791, pp. 121–133. Springer, Heidelberg (2004)CrossRefGoogle Scholar
- 12.Paton, N.W.: Active Rules in Database Systems. Springer, New York (1999)CrossRefMATHGoogle Scholar
- 13.Widom, J., Ceri, S.: Active Database Systems: Triggers and Rules. Morgan Kaufmann Publishers, Inc. (1996)Google Scholar
- 14.Chakravarthy, S., Krishnaprasad, V., Anwar, E., Kim, S.-K.: Composite Events for Active Databases: Semantics, Contexts, and Detection. In: Proc. of the VLDB, pp. 606–617 (1994)Google Scholar
- 15.Gatziu, S., Dittrich, K.R.: Events in an Object-Oriented Database System. In: Proc. of the Rules in Database Systems (September 1993)Google Scholar
- 16.Gehani, N.H., Jagadish, H.V., Shmueli, O.: Composite Event Specification in Active Databases: Model & Implementation. In: Proc. of the VLDB, pp. 327–338 (1992)Google Scholar
- 17.Chakravarthy, S., Anwar, E., Maugis, L., Mishra, D.: Design of Sentinel: An Object-Oriented DBMS with Event-Based Rules. IST 36(9), 559–568 (1994)Google Scholar
- 18.Galton, A., Augusto, J.: Two Approaches to Event Definition. In: Hameurlain, A., Cicchetti, R., Traunmüller, R. (eds.) DEXA 2002. LNCS, vol. 2453, pp. 547–556. Springer, Heidelberg (2002)CrossRefGoogle Scholar
Copyright information
© Springer-Verlag Berlin Heidelberg 2012