ABSTRACT
This work describes the access control system being implemented in INGRES (INteractive Graphics and REtrieval System). The scheme can be applied to any relational data base management system and has several advantages over other suggested schemes.
These include:
a) implementation ease
b) small execution time overhead
c) powerful and flexible controls
d) conceptual simplicity
The basic idea utilized is that a user interaction with the data base is modified to an alternate form which is guaranteed to have no access violations. This modification takes place in a high level interaction language. Hence, the processing of a resulting interaction can be accomplished with no further regard for protection. In particular, any procedure calls in the access paths for control purposes, such as in [1,2], are avoided.
- 1.Hoffman, L., "The Formulary Model for Access Control and Privacy," Stanford Linear Accelerator Center Report 117, May, 1970.Google Scholar
- 2."CODASYL Data Description Language," NBS Handbook 112, U. S. Dept. of Commerce, January, 1974.Google Scholar
- 3.Browne, P. and Steinauer, D., "A Model for Access Control," Proc. 1971 ACM-SIGFIDET Workshop on Data Description, Access and Control, San Diego, Calif., November, 1971.Google ScholarDigital Library
- 4.Weissman, C., "Security Controls in the ADEPT-50 Time Sharing System," Proc. 1969 Fall Joint Computer Conference, November, 1969.Google Scholar
- 5.Friedman, T., "The Authorization Problem in Shared Files," IBM Systems Journal, No. 4, 1970.Google Scholar
- 6.McDonald, N., Stonebraker, M., and Wong, E., "Preliminary Specification of INGRES," Electronics Research Laboratory Report #435-436, University of California, Berkeley, California, May, 1974.Google Scholar
- 7.Owens, R., "Evaluation of Access Authorization Characteristics of Derived Data Sets," Proc. 1971 SIGFIDET Workshop on Data Description, Access and Control, San Diego, California, November, 1971.Google Scholar
- 8.Systems," Project MAC Report TR-89, M.I.T., Cambridge, Mass., July, 1971.Google Scholar
- 9.Codd, E., "A Data Base Sublanguage Founded on the Relational Calculus," Proc. 1971 SIGFIDET Workshop on Data Description, Access and Control, San Diego, California, November, 1971.Google ScholarDigital Library
- 10.Boyce, R., et al., "Specifying Queries as Relational Expressions: SQUARE," IBM Technical Report RJ1291, IBM Research Laboratory, San Jose, California, October, 1973.Google Scholar
- 11.Chamberlin, D. and Boyce, R., "SEQUEL: A Structured English Query Language," Proc. 1974 ACM-SIGFIDET Workshop on Data Description, Access and Control, Ann Arbor, Michigan, May, 1974. Google ScholarDigital Library
- 12.Codd, E., "Relational Completeness of Data Base Sublanguages," Courant Computer Science Symposium, Vol. 6, Data Base Systems, Prentice Hall, New York, May, 1971.Google Scholar
- 13.Stonebraker, M., "A Functional View of Data Independence," Proc. 1974 ACM-SIGFIDET Workshop on Data Description, Access and Control, Ann Arbor, Mich., May 1974. Google ScholarDigital Library
- 14.Codd, E., "A Relational Model of Data for Large Shared Data Banks," CACM, Vol. 13, No. 6, June, 1970. Google ScholarDigital Library
- 15.Rothnie, J., "An Approach to Implementing a Relational Data Management System," Proc. 1974 ACM-SIGFIDET Workshop on Data Description Access and Control, Ann Arbor, Michigan, May, 1974. Google ScholarDigital Library
- 16.Boyce, R. and Chamberlin, D., "Using a Structured English Query Language as a Data Definition Facility,$" IBM Research Report No. RJ 1318, IBM Research Laboratory, San Jose, California, December, 1973.Google Scholar
- 17.Graham, R., "Protection in an Information Processing Utility," CACM, Vol. 11, No. 5, May 1968. Google ScholarDigital Library
- 18.Lampson, B., "Dynamic Protection Structures," Proc. 1969 Fall Joint Computer Conference, November 1969.Google Scholar
Index Terms
- Access control in a relational data base management system by query modification
Recommendations
Access to Indexed Hierarchical Databases Using a Relational Query Language
An efficient means of accessing indexed hierarchical databases using a relational query language is presented. The purpose is to achieve an effective sharing of heterogeneous distributed databases. Translation of hierarchical data to an equivalent ...
On Workload Characterization of Relational Database Environments
A relational database workload analyzer (REDWAR) is developed to characterize the workload in a DB2 environment. This is applied to study a production DB2 system where a structured query language (SQL) trace for a two-hour interval and an image copy of ...
Impacts of logic and databases (invited paper)
VLDB '81: Proceedings of the seventh international conference on Very Large Data Bases - Volume 7This paper deals with the relationships between logic and relational data bases. A goal of the paper is to show, through many results published in the literature, how logic can provide a formal support to study classical database problems, and in some ...
Comments