Databases Reference
In-Depth Information
Table 2.
Examples of access control rules regulating access to the Mobile Network
Console and databases
subject
action
object
generic conditions
location-based conditions
1 user
.role=admin
∧
inarea
(
user
.sim
,
Server Room
)
∧
execute
object
.name=MNC
valid
(
user
.username
,
density
(
Server Room
,
1
,
1
)
∧
user
.password
)
velocity
(
user
.sim
,
0
,
3
)
2 user
.role=admin
∧
inarea
(
user
.sim
,
Inf. System Dept.
)
∧
object
.category=
read
valid
(
user
.username
,
local density
(
user
.sim
,
Close By
,
1
,
1
)
∧
Log&Bill
user
.password
)
velocity
(
user
.sim
,
0
,
3
)
3 user
.role=CEO
∧
local density
(
user
.sim
,
Close By
,
1
,
1
)
∧
read
object
.category=
valid
(
user
.username
,
inarea
(
user
.sim
,
Corp. Main Office
)
∧
customer
user
.password
)
velocity
(
user
.sim
,
0
,
3
)
4 user
.role=CEO
∧
local density
(
user
.sim
,
Close By
,
1
,
1
)
∧
object
.category=
read
valid
(
user
.username
,
user
.password
)
disjoint
(
user
.sim
,
Competitor Location
)
StatData
5 user
.role=guest
∧
local density
(
user
.sim
,
Close By
,
1
,
1
)
∧
object
.category=
read
valid
(
user
.username
,
user
.password
)
inarea
(
user
.sim
,
Corporate Location
)
StatData
•
obj expr
is a boolean formula of terms referring to a set of objects depend-
ing on whether they satisfy or not certain conditions that can evaluate
membership of the object in categories, values of properties on metadata,
and so on;
•
action
is the action (or class of actions) to which the rule refers.
Each profile is referenced with the identity of the corresponding
user/object. Single properties within users and objects profiles are referenced
with the traditional dot notation. For instance,
alice.address
indicates the
address of user
alice
. Here,
alice
is the identity of the user (and therefore
the identifier for the corresponding profile), and
address
is the name of the
property. To refer to the user and the object involved in a request without
introducing variables in the language, we use two keywords:
user
indicates
the identifier of the person making the request;
object
indicates the identifier
of the object to which access is requested.
Example 2.
Consider a company responsible for the management of a mobile
network that needs both strong authentication methods and expressive ac-
cess control policies. Suppose that the Mobile Network Console (MNC) is the
software that permits to reconfigure the mobile network. Managing a nation-
wide mobile network is an extremely critical activity because reconfiguration
privileges must be granted to strictly selected personnel only and must be per-
formed according to high security standards (rule 1 in Table 2). In addition to
reconfiguration privileges, also the access to mobile network's databases must
be managed carefully and according to different security standards depending
on the level of risk of the data to be accessed. In particular, access to log-
ging and billing data is critical, because they include information about the
position and movements of mobile operator's customers (rule 2 in Table 2).
Access to customer-related information is usually less critical but still to be
