Data Management

MyABDAC: Compiling XACML Policies for Attribute-Based Database Access Control

Free registration required

Executive Summary

Attribute-Based Access Control (ABAC) based on XACML can substantially improve the security and management of access rights on databases. However, existing implementations rely on high-level policy interpretation and are not as efficient as mechanisms natively supported by commodity databases. This paper explores advantages and challenges arising from compiling XACML policies for database access into Access Control Lists (ACLs) natively supported by the database. The main contributions are an architecture and algorithms for efficiently addressing incremental changes in attributes that could trigger changes to the ACLs.

  • Format: PDF
  • Size: 1213.2 KB