An authorization model for federated systems

  • Sabrina De Capitani di Vimercati
  • Pierangela Samarati
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1146)

Abstract

We present an authorization model for federated systems based on a tightly coupled architecture. The model supports authorizations to build and maintain the federation as well as authorizations to access the federated data. At each component site, owners declare the objects they wish to export and the access modes that users of the federation may execute on them. Inclusion of objects into the federation requires their subsequent import by the federation administrator. Different degrees of authorization autonomy are supported, whereby users can retain the task of specifying authorizations or delegate it to the federation administrator. A site can require authentication of the user at each access or accept the user's identity as communicated by the federation. An access control algorithm is presented that describes the controls to be enforced at the federation and at each local site under the different authentication and administrative options.

Keywords

Federated systems, access control, authorization administration, authorization autonomy

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Sabrina De Capitani di Vimercati (1)
  • Pierangela Samarati (1)
  1. Dipartimento di Scienze dell'Informazione, Università di Milano, Milano, Italy