about Bob's status and holds Bob to have a status level l_2. Because of the revision
of Bob's status, the write action that Bob was permitted to perform on o_1, up
until 20/12/2002, is dynamically withdrawn. Moreover, after 31/12/2002, the
read access privilege that Bob has on o_1 in the interval [12/12/2002, 31/12/2002]
will be dynamically withdrawn.
A number of attractive technical results apply to the operational methods
that may be used with SBAC(ψ). In particular, if a sound and complete operational
method is used for evaluating access requests with respect to SBAC(ψ)
then (i) no unauthorized access is provable (thus, safety [5] is ensured), and (ii)
all authorized access is provable (thus, availability [5] is ensured).
5 The Practical Implementation of SBAC Programs
We have implemented a range of SBAC programs to control access to our test
databases. We have used CGI as our interface mechanism. More specifically, we
used Eugene Kim's CGIHTML package [13]. All development work was done on
Solaris using Sun's Forte compiler and an Apache server. Our SBAC programs
are implemented by using XSB [14]. XSB permits the well-founded semantics
of an SBAC program to be computed by using SLG-resolution [14]. The application
programs are written in C and use the XSB object module to produce
applications offering good performance. Our implementation involves passing
queries to XSB in the form of a string; returned data is obtained from an XSB
register. Access requests are made at a web-site via a dialog box in an HTML
form.
The general process followed by our applications is as follows:
1. The applications are called by the CGI server and are passed a string from
which they extract the requester agent's access request, R.
2. R is parsed to make sure that it is syntactically correct. If not, an error
message is returned.
3. If R is syntactically correct then it is passed to XSB for evaluation.
4. XSB is initialized and reads its pre-compiled data file; it is then passed the
constructed form R_C of R.
5. The result of evaluating R_C is returned directly to the CGI server (embedded
in the necessary HTML, as with all data returned to the server).
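Steps 1 to 4 can be sketched in C as follows. This is an added example, not the authors' code: the request syntax `user:action:object`, the predicate name `permitted/3` and the function names are assumptions, since the page does not give the concrete form of R or R_C. The point is that only fields which are plain Prolog atoms ever reach the query string handed to the evaluator.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_ATOM 32

/* Accept only a plain Prolog atom: a lowercase letter followed by letters,
   digits or underscores. Variables (uppercase or '_' first), quotes,
   parentheses, commas, periods and operators are all rejected. */
static int is_plain_atom(const char *s, size_t len)
{
    if (len == 0 || len > MAX_ATOM || !islower((unsigned char)s[0]))
        return 0;
    for (size_t i = 1; i < len; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '_')
            return 0;
    return 1;
}

/* Parse R (assumed form "user:action:object") and write the constructed
   form R_C, e.g. "permitted(bob,read,o1).", into out. Returns 0 on success,
   -1 if R is syntactically incorrect or out is too small. */
int build_query(const char *r, char *out, size_t outlen)
{
    const char *field[3];
    size_t len[3];
    const char *p = r;

    for (int i = 0; i < 3; i++) {
        const char *sep = strchr(p, ':');
        if ((i < 2) != (sep != NULL))      /* too few or too many fields */
            return -1;
        field[i] = p;
        len[i] = sep ? (size_t)(sep - p) : strlen(p);
        if (!is_plain_atom(field[i], len[i]))
            return -1;
        if (sep)
            p = sep + 1;
    }
    int n = snprintf(out, outlen, "permitted(%.*s,%.*s,%.*s).",
                     (int)len[0], field[0], (int)len[1], field[1],
                     (int)len[2], field[2]);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char q[128];
    const char *r = "bob:read:o1";         /* constructed sample request */
    if (build_query(r, q, sizeof q) == 0) printf("R_C = %s\n", q);
    else printf("syntax error in access request\n");
    return 0;
}
```

Rejecting a field that starts with an uppercase letter matters for the policy as well as for syntax: the evaluator would read it as a variable, so the query would ask whether any user, action or object satisfies the request rather than the named one.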
Our analysis of the results of our test queries on SQL databases and extended
protected databases [15] reveals that evaluating access requests via SBAC programs
incurs additional overheads of the order of a few hundredths of a second
(in the worst case). These costs are negligible relative to the communication costs
incurred in accessing a database via the web (see [9] for detailed performance
results).
6 Conclusions and Further Work
SBAC programs are succinct, they are formally well-defined, they can be used to
represent a range of access policies, they permit properties of an access policy to