Article

Free access

Propagation of authorizations in distributed database systems

Authors:

Pierangela Samarati,

Sushil JajodiaAuthors Info & Claims

CCS '94: Proceedings of the 2nd ACM Conference on Computer and communications security

Pages 136 - 147

https://doi.org/10.1145/191177.191204

Published: 02 November 1994 Publication History

Abstract

We consider the propagation of authorizations in distributed database systems. If no constraints are imposed on the propagation of authorization changes, then the authorization states at different sites may evolve inconsistently. A standard solution is to suppress the distributed aspect and make all changes appear as if they had occurred in some serial order at a single site, perhaps via an atomic commit protocol. However, rigid insistence on consistency may result in authorization changes being needlessly delayed, a problem exacerbated in the context of site or communication failures. We propose an optimistic authorization propagation algorithm. We specify an authorization table and a set of operations for altering the authorization table. Each site maintains a log of authorization operations. We exploit the semantics of authorization operations to avoid relying on an undo-redo mechanism for processing out of order operations. Instead we give efficient, direct algorithms to scan the log and update the authorization table. Any inconsistencies in replicas of the authorization table are transient and are eliminated by further communication between sites. We discuss pruning the authorization log.

References

[1]

P. A. Bernstein, V. Hadzilacos, and N. Goodman. Concurrency Control and Recovery in Database Systems. Addison- Wesley, Reading, MA, 1987.

Digital Library

[2]

D.E. Bell and L.J. LaPadula. Secure computer systems: Unified exposition and multics interpretation. Technical Report MTR- 2997, The Mitre Corporation, Bedford, MA, March 1976.

[3]

A.D. Birrel, R. Levin, R.M. Needham, and M.D. Schroeder. Grapevine: an exercise in distributed computing. Communications of the A CM, 25(4):260-274, April 1982.

Digital Library

[4]

A. Demers, D. Greene, C. Hauser, W. Irish, J. Larson, S. Shenker, H. Sturgis, D. Swinehart, and D. Terry. Epidemic algorithms for replicated database maintenance. In A CM PODC Symposium on Principles of Distributed Computing, pages 1-12. ACM, 1987.

Digital Library

[5]

S.B. Davidson, H. Garcia-Molina, and D. Skeen. Consistency in partitioned networks. A CM Computing Surveys, 17(3):341- 370, September 1985.

Digital Library

[6]

DoD Computer Security Center. Trusted Computer System Evaluation Criteria, December 1985. DoD 5200.28-STD.

[7]

R. Fagin. On an authorization mechanism. A CM Transaciions on Database Systems, 3(3):310-319, September 1978.

Digital Library

[8]

M.J. Fischer and A. Michael. Sacrificing serializability to attain high availability of data in an unreliable network. In A CM SIGACT-SIGMOD Symposium on Principles of Database Systems, pages 70-75. ACM, 1982.

Digital Library

[9]

P.G. Griffiths and B. Wade. An authorization mechanism for a relational database system. A CM Transactions on Database Systems, 1(3):242-255, September 1976.

Digital Library

[10]

M.P. Herlihy and W.E. Weihl. Hybrid concurrency control for abstract data types. In A CM PODC Symposium on Principles of Database Systems, pages 201-210. ACM, 1988.

Digital Library

[11]

S. Jajodia and D. Mutchler. Dynamic voting algorithms for maintaining the consistency of replicated databases. A CM Transactions on Database Systems, 15(2):230-280, June 1990.

Digital Library

[12]

Leslie Lamport. Time, clocks, and the ordering of events in a distributed system. Communications of the A CM, 21(7):558- 565, July 1978.

Digital Library

[13]

B.W. Lampson. Designing a global name service. In A CM PODC Symposium on Principles of Distributed Computing, pages 1-10. ACM, 1986.

Digital Library

[14]

R. Ladin, B. Liskov, L. Shira, and S. Ghemawat. Providing high availability using lazy replication. A CM Transactions on Computer Systems, 10(4), 1992.

Digital Library

[15]

T.P. N g. Using histories to implement atomic objects. A CM Transactions on Computer Systems, 7(4):360-393, November 1989.

Digital Library

[16]

P. Samarati, P. Ammann, and S. Jajodia. Propagation of authorizations in distributed database systems. (extended version), in preparation, 1994.

[17]

R.E. Strom and S. Yemini. Optimistic recovery in distributed systems. A CM Transactions on Computer Systems, 3(3):204-226, August 1985.

Digital Library

[18]

G.T.J. Wuu and A.J. Bernstein. Efficient solutions to the replicated log and dictionary problems. In A CM PODC Symposium on Principles of Distributed Computing, pages 233-242. ACM, 1984.

Digital Library

Cited By

Atluri VHuang W(2005)An authorization model for workflowsComputer Security — ESORICS 9610.1007/3-540-61770-1_27(44-64)Online publication date: 2-Jun-2005
https://doi.org/10.1007/3-540-61770-1_27
Atluri VChun S(2004)An Authorization Model for Geospatial DataIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2004.321:4(238-254)Online publication date: 1-Oct-2004
https://dl.acm.org/doi/10.1109/TDSC.2004.32

Index Terms

Propagation of authorizations in distributed database systems

Recommendations

Delegating revocations and authorizations
BPM'07: Proceedings of the 2007 international conference on Business process management

Delegation models based on role-based access control (RBAC) management have been known as flexible and efficient access management for data sharing on distributed environment. Delegation revocations are a significant functionality for the models in ...
Mutual Authorizations: Semantics and Integration Issues
SACMAT '19: Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

Studies in fields like psychology and sociology have revealed that reciprocity is a powerful determinant of human behavior. None of the existing access control models however captures this reciprocity phenomenon. In this paper, we introduce a new kind ...
Designing and evaluating weighted delegatable authorizations

This paper studies logic-based methods for representing and evaluating complex access control policies needed by modern applications. In our framework, authorization and delegation rules are specified in a weighted delegatable authorization program, ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '94: Proceedings of the 2nd ACM Conference on Computer and communications security

November 1994

293 pages

ISBN:0897917324

DOI:10.1145/191177

Chairmen:
Dorothy Denning
Georgetown Univ.
,
Raymond Pyle
Bell Atlantic
,
Ravi Ganesan
Bell Atlantic
,
Ravi Sandhu
George Mason Univ.

Copyright © 1994 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 November 1994

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Conference

CCS94

Sponsor:

SIGSAC

CCS94: 2nd ACM Conference on Computer & Communications Security

Virginia, Fairfax, USA

Acceptance Rates

CCS '94 Paper Acceptance Rate 31 of 70 submissions, 44%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
686
Total Downloads

Downloads (Last 12 months)45
Downloads (Last 6 weeks)14

Reflects downloads up to 31 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Atluri VHuang W(2005)An authorization model for workflowsComputer Security — ESORICS 9610.1007/3-540-61770-1_27(44-64)Online publication date: 2-Jun-2005
https://doi.org/10.1007/3-540-61770-1_27
Atluri VChun S(2004)An Authorization Model for Geospatial DataIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2004.321:4(238-254)Online publication date: 1-Oct-2004
https://dl.acm.org/doi/10.1109/TDSC.2004.32

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten