Databases Reference
In-Depth Information
In this way, a change in the access control policy does not require any changes
in the mechanism. Also, the separation between model and mechanism makes
it possible to formally prove security properties on the model; any mechanism
that correctly enforces the model will then enjoy the same security properties
proved for the model.
The variety and complexity of the protection requirements that may need
to be imposed in today's systems makes the definition of access control policies
a far from trivial process. An access control system should be simple and
expressive. It should be simple to make easy the management task of specifying
and maintaining the security specifications. It should be expressive to make
it possible to specify in a flexible way different protection requirements that
may need to be imposed on different resources and data. Moreover, an access
control system should include support for the following features.
•
Policy combination
. Since information may not be under the control of a
single authority, access control policies information may take into consider-
ation the protection requirements of the owner, but also the requirements
of the collector and of other parties. These multiple authorities scenario
should be supported from the administration point of view providing solu-
tions for modular, large-scale, scalable policy composition and interaction.
•
Anonymity.
Many services do not need to know the real identity of a user.
It is then necessary to make access control decisions dependent on the
requester's
attributes
, which are usually proved by
digital certificates
.
•
Data outsourcing.
A recent trend in the information technology area is rep-
resented by data outsourcing, according to which companies shifted from
fully local management to outsourcing the administration of their data by
using externally service providers [1, 2, 3]. Here, an interesting research
challenge consists in developing an ecient mechanism for implementing
selective access to the remote data.
These features pose several new challenges to the design and implementa-
tion of access control systems. In this chapter, we present the emerging trends
in the access control field to address the new needs and desiderata of today's
systems. The remainder of the chapter is organized as follows. Section 2 briefly
discusses some basic concepts about access control, showing the main charac-
teristics of the discretionary, mandatory, and role-based access control policies
along with their advantages and disadvantages. Section 3 introduces the prob-
lem of enforcing access control in open environments. After a brief overview
of the issues that need to be addressed, we describe some proposals for trust
negotiation and for regulating service access. Section 4 addresses the problem
of combining access control policies that may be independently stated. We
first describe the main features that a policy composition framework should
have and then illustrate some current solutions. Section 5 presents the main
approaches for enforcing selective access in an outsourced scenario. Finally,
Sect. 6 concludes the chapter.
