Access control deals with preventing unauthorized operations on the managed data. Access control is usually performed against a set of authorizations stated by Security Administrators (SAs) or users according to the access control policies of the organization. Authorizations are then processed by the access control mechanism (or reference monitor) to decide whether each access request can be authorized or should be denied.
Access control models for DBMSs have been greatly influenced by the models developed for the protection of operating system resources (see, for instance, the model proposed by Lampson , also known as the access matrix model, since authorizations are represented as a matrix). However, much of the early work on database protection was on inference control in statistical databases.
Then, in the 1970s, as research in relational databases began, attention was directed towards access control issues. As...
- 4.Air Force Studies Board, Committee on Multilevel Data Management Security. Multilevel data management security. National Research Council; 1983.Google Scholar
- 5.Castano S, Fugini MG, Martella G, Samarati P. Database security. Addison-Wesley & ACM Press; 1995.Google Scholar
- 6.Ferrari E. Access control in data management systems. Synthesis lectures on data management. Morgan & Claypool Publishers; 2010.Google Scholar
- 9.Bertino E, Kirkpatrick MS. Location-based access control systems for mobile users: concepts and research directions. In: Proceedings of the 4th ACM IGSPATIAL International Workshop on Security and Privacy in GIS and LBS; 2011.Google Scholar
- 10.Carminati B, Ferrari E, Tan KL. A framework to enforce access control over data streams. ACM Trans Inf Syst Secur. 2011;8(3):337–52.Google Scholar
- 11.Carminati B, Ferrari E, Viviani M. Security and trust in online social networks, synthesis lectures on information security, privacy and trust. Morgan & Claypool; 2013.Google Scholar
- 12.Kuner C, Cate F, Millard C, Svantesson D. The challenge of big data for data protection. Int Data Priv Law. 2012;2(2).Google Scholar