MyABDAC: Compiling XACML Policies for Attribute-Based Database Access Control

Attribute-Based Access Control (ABAC) based on XACML can substantially improve the security and management of access rights on databases. However, existing implementations rely on high-level policy interpretation and are not as efficient as mechanisms natively supported by commodity databases. This paper explores advantages and challenges arising from compiling XACML policies for database access into Access Control Lists (ACLs) natively supported by the database. The main contributions are an architecture and algorithms for efficiently addressing incremental changes in attributes that could trigger changes to the ACLs.

Provided by: Association for Computing Machinery Topic: Data Management Date Added: Dec 2010 Format: PDF

Find By Topic