Managing attribute-based access control policies in a unified framework using data warehousing and in-memory database
Over the last few years, various types of access control models have been proposed for expressing the growing needs of organizations. Out of these, there is an increasing interest towards specification and enforcement of flexible and dynamic decision making security policies using Attribute Based Ac...
Gespeichert in:
| Veröffentlicht in: | Computers & security Jg. 86; S. 183 - 205 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Journal Article |
| Sprache: | Englisch |
| Veröffentlicht: |
Amsterdam
Elsevier Ltd
01.09.2019
Elsevier Sequoia S.A |
| Schlagworte: | |
| ISSN: | 0167-4048, 1872-6208 |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Abstract | Over the last few years, various types of access control models have been proposed for expressing the growing needs of organizations. Out of these, there is an increasing interest towards specification and enforcement of flexible and dynamic decision making security policies using Attribute Based Access Control (ABAC). However, it is not easy to migrate an existing security policy specified in a different model into ABAC. Furthermore, there exists no comprehensive approach that can specify, enforce and manage ABAC policies along with other policies potentially already existing in the organization as a unified security policy. In this article, we present a unique and flexible solution that enables concurrent specification and enforcement of such security policies through storing and querying data in a multi-dimensional and multi-granular data model. Specifically, we present a unified database schema, similar to that traditionally used in data warehouse design, that can represent different types of access control policies and store relevant policies as in-memory data, thereby significantly reducing the execution time of access request evaluation. We also present a novel approach for combining multiple access control policies through meta-policies. For ease of management, an administrative schema is presented that can specify different types of administrative policies. Extensive experiments on a wide range of data sets demonstrate the viability of the proposed approach. |
|---|---|
| AbstractList | Over the last few years, various types of access control models have been proposed for expressing the growing needs of organizations. Out of these, there is an increasing interest towards specification and enforcement of flexible and dynamic decision making security policies using Attribute Based Access Control (ABAC). However, it is not easy to migrate an existing security policy specified in a different model into ABAC. Furthermore, there exists no comprehensive approach that can specify, enforce and manage ABAC policies along with other policies potentially already existing in the organization as a unified security policy. In this article, we present a unique and flexible solution that enables concurrent specification and enforcement of such security policies through storing and querying data in a multi-dimensional and multi-granular data model. Specifically, we present a unified database schema, similar to that traditionally used in data warehouse design, that can represent different types of access control policies and store relevant policies as in-memory data, thereby significantly reducing the execution time of access request evaluation. We also present a novel approach for combining multiple access control policies through meta-policies. For ease of management, an administrative schema is presented that can specify different types of administrative policies. Extensive experiments on a wide range of data sets demonstrate the viability of the proposed approach.Over the last few years, various types of access control models have been proposed for expressing the growing needs of organizations. Out of these, there is an increasing interest towards specification and enforcement of flexible and dynamic decision making security policies using Attribute Based Access Control (ABAC). However, it is not easy to migrate an existing security policy specified in a different model into ABAC. Furthermore, there exists no comprehensive approach that can specify, enforce and manage ABAC policies along with other policies potentially already existing in the organization as a unified security policy. In this article, we present a unique and flexible solution that enables concurrent specification and enforcement of such security policies through storing and querying data in a multi-dimensional and multi-granular data model. Specifically, we present a unified database schema, similar to that traditionally used in data warehouse design, that can represent different types of access control policies and store relevant policies as in-memory data, thereby significantly reducing the execution time of access request evaluation. We also present a novel approach for combining multiple access control policies through meta-policies. For ease of management, an administrative schema is presented that can specify different types of administrative policies. Extensive experiments on a wide range of data sets demonstrate the viability of the proposed approach. Over the last few years, various types of access control models have been proposed for expressing the growing needs of organizations. Out of these, there is an increasing interest towards specification and enforcement of flexible and dynamic decision making security policies using Attribute Based Access Control (ABAC). However, it is not easy to migrate an existing security policy specified in a different model into ABAC. Furthermore, there exists no comprehensive approach that can specify, enforce and manage ABAC policies along with other policies potentially already existing in the organization as a unified security policy. In this article, we present a unique and flexible solution that enables concurrent specification and enforcement of such security policies through storing and querying data in a multi-dimensional and multi-granular data model. Specifically, we present a unified database schema, similar to that traditionally used in data warehouse design, that can represent different types of access control policies and store relevant policies as in-memory data, thereby significantly reducing the execution time of access request evaluation. We also present a novel approach for combining multiple access control policies through meta-policies. For ease of management, an administrative schema is presented that can specify different types of administrative policies. Extensive experiments on a wide range of data sets demonstrate the viability of the proposed approach. |
| Author | Sural, Shamik Singh, Mahendra Pratap Vaidya, Jaideep Atluri, Vijayalakshmi |
| AuthorAffiliation | 1 Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India 2 Management Science and Information Systems Department, Rutgers University, USA |
| AuthorAffiliation_xml | – name: 1 Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India – name: 2 Management Science and Information Systems Department, Rutgers University, USA |
| Author_xml | – sequence: 1 givenname: Mahendra Pratap surname: Singh fullname: Singh, Mahendra Pratap email: mahoo15@gmail.com organization: Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India – sequence: 2 givenname: Shamik surname: Sural fullname: Sural, Shamik email: shamik@cse.iitkgp.ac.in organization: Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India – sequence: 3 givenname: Jaideep orcidid: 0000-0002-7420-6947 surname: Vaidya fullname: Vaidya, Jaideep email: jsvaidya@business.rutgers.edu organization: Management Science and Information Systems Department, Rutgers University, USA – sequence: 4 givenname: Vijayalakshmi surname: Atluri fullname: Atluri, Vijayalakshmi email: atluri@rutgers.edu organization: Management Science and Information Systems Department, Rutgers University, USA |
| BookMark | eNp9kU9v1DAUxC1URLeFL8ApEhcu2fpPYjsSQkJVgUpFXOBsvdgvWy-JvdhJq357HLYc6KEnS36_GWlmzshJiAEJecvollEmL_ZbGzNuOWXdlsotpewF2TCteC051SdkUyBVN7TRp-Qs530BlNT6FTkVTErednRDlm8QYOfDroJ5Tr5fZqx7yOgqsBZzrmwMc4pjdYijtx5z5UMF1RL84As0JJjwPqZf1ZJXEwczVPeQ8DYePyC4oqgnnGJ6-Hte3V-TlwOMGd88vufk5-erH5df65vvX64vP93UtpF0roUYRAui19phqxWTyIXrOi6aobOyt6wB16thQAbSNq2mqm-6ZlDcaTkwqsQ5-Xj0PSz9hM5iyQKjOSQ_QXowEbz5_xL8rdnFOyP12iMtBu8fDVL8vWCezeSzxXGEgCWh4YJR2aqmFQV99wTdxyWFEs9wrlWnOqF4ofSRsinmnHAw1s8w-7Vl8KNh1Kzbmr1ZtzXrtoZKU6YrUv5E-i_Hs6IPRxGWmu88JpPLisGi8wntbFz0z8n_ALHCwKY |
| CitedBy_id | crossref_primary_10_1007_s10796_021_10167_z crossref_primary_10_1007_s12652_020_01695_8 crossref_primary_10_1016_j_cose_2025_104516 crossref_primary_10_1007_s11280_022_01130_2 crossref_primary_10_1155_2021_1735349 crossref_primary_10_1186_s13677_024_00692_y crossref_primary_10_3390_electronics12040987 crossref_primary_10_1007_s11036_021_01839_w crossref_primary_10_1016_j_imu_2023_101270 |
| Cites_doi | 10.1109/2.485845 10.1109/TKDE.2005.1 10.3233/JCS-2009-0364 10.1016/j.sysarc.2010.04.005 10.1145/501978.501979 10.1145/3007204 10.1109/MC.2010.155 10.1145/248603.248616 10.1002/sec.1520 10.1016/j.ic.2014.07.009 10.1145/300830.300839 |
| ContentType | Journal Article |
| Copyright | 2019 Elsevier Ltd Copyright Elsevier Sequoia S.A. Sep 2019 |
| Copyright_xml | – notice: 2019 Elsevier Ltd – notice: Copyright Elsevier Sequoia S.A. Sep 2019 |
| DBID | AAYXX CITATION 7SC 8FD JQ2 K7. L7M L~C L~D 7X8 5PM |
| DOI | 10.1016/j.cose.2019.06.001 |
| DatabaseName | CrossRef Computer and Information Systems Abstracts Technology Research Database ProQuest Computer Science Collection ProQuest Criminal Justice (Alumni) Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional MEDLINE - Academic PubMed Central (Full Participant titles) |
| DatabaseTitle | CrossRef ProQuest Criminal Justice (Alumni) Technology Research Database Computer and Information Systems Abstracts – Academic ProQuest Computer Science Collection Computer and Information Systems Abstracts Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Professional MEDLINE - Academic |
| DatabaseTitleList | MEDLINE - Academic ProQuest Criminal Justice (Alumni) |
| Database_xml | – sequence: 1 dbid: 7X8 name: MEDLINE - Academic url: https://search.proquest.com/medline sourceTypes: Aggregation Database |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISSN | 1872-6208 |
| EndPage | 205 |
| ExternalDocumentID | PMC6818720 10_1016_j_cose_2019_06_001 S0167404819301166 |
| GroupedDBID | --K --M -~X .DC .~1 0R~ 1B1 1RT 1~. 1~5 29F 4.4 457 4G. 5GY 5VS 7-5 71M 8P~ 9JN AACTN AAEDT AAEDW AAIAV AAIKJ AAKOC AALRI AAOAW AAQFI AAQXK AAXUO AAYFN ABBOA ABFSI ABMAC ABXDB ABYKQ ACDAQ ACGFO ACGFS ACNNM ACRLP ACZNC ADBBV ADEZE ADHUB ADJOM ADMUD AEBSH AEKER AENEX AFFNX AFKWA AFTJW AGHFR AGUBO AGYEJ AHHHB AHZHX AIALX AIEXJ AIKHN AITUG AJBFU AJOXV ALMA_UNASSIGNED_HOLDINGS AMFUW AMRAJ AOUOD ASPBG AVWKF AXJTR AZFZN BKOJK BKOMP BLXMC CS3 DU5 E.L EBS EFJIC EFLBG EJD EO8 EO9 EP2 EP3 FDB FEDTE FGOYB FIRID FNPLU FYGXN G-2 G-Q GBLVA GBOLZ HLX HLZ HVGLF HZ~ IHE J1W KOM LG8 LG9 M41 MO0 MS~ N9A O-L O9- OAUVE OZT P-8 P-9 P2P PC. PQQKQ Q38 R2- RIG RNS ROL RPZ RXW SBC SBM SDF SDG SDP SES SEW SPC SPCBC SSV SSZ T5K TAE TN5 TWZ WH7 WUQ XJE XPP XSW YK3 ZMT ~G- 9DU AATTM AAXKI AAYWO AAYXX ABJNI ABWVN ACLOT ACRPL ACVFH ADCNI ADNMO AEIPS AEUPX AFJKZ AFPUW AGQPQ AIGII AIIUN AKBMS AKRWK AKYEP ANKPU APXCP CITATION EFKBS ~HD 7SC 8FD JQ2 K7. L7M L~C L~D 7X8 5PM |
| ID | FETCH-LOGICAL-c460t-33f35a3b88de58716e23d99234f9c6bc14adb7ffe1a6c45807b494f72d86f1073 |
| ISICitedReferencesCount | 13 |
| ISICitedReferencesURI | http://www.webofscience.com/api/gateway?GWVersion=2&SrcApp=Summon&SrcAuth=ProQuest&DestLinkType=CitingArticles&DestApp=WOS_CPL&KeyUT=000483406200011&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| ISSN | 0167-4048 |
| IngestDate | Tue Sep 30 16:52:49 EDT 2025 Sun Sep 28 09:21:47 EDT 2025 Thu Nov 20 01:07:49 EST 2025 Tue Nov 18 21:19:04 EST 2025 Sat Nov 29 07:22:56 EST 2025 Fri Feb 23 02:49:17 EST 2024 |
| IsDoiOpenAccess | false |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Keywords | Authorization Unified security policy Data warehousing Attribute Based Access Control Meta-policy In-memory database |
| Language | English |
| LinkModel | OpenURL |
| MergedId | FETCHMERGED-LOGICAL-c460t-33f35a3b88de58716e23d99234f9c6bc14adb7ffe1a6c45807b494f72d86f1073 |
| Notes | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 content type line 23 |
| ORCID | 0000-0002-7420-6947 |
| OpenAccessLink | https://www.ncbi.nlm.nih.gov/pmc/articles/6818720 |
| PMID | 31662590 |
| PQID | 2287979372 |
| PQPubID | 46289 |
| PageCount | 23 |
| ParticipantIDs | pubmedcentral_primary_oai_pubmedcentral_nih_gov_6818720 proquest_miscellaneous_2310657453 proquest_journals_2287979372 crossref_citationtrail_10_1016_j_cose_2019_06_001 crossref_primary_10_1016_j_cose_2019_06_001 elsevier_sciencedirect_doi_10_1016_j_cose_2019_06_001 |
| PublicationCentury | 2000 |
| PublicationDate | 2019-09-01 |
| PublicationDateYYYYMMDD | 2019-09-01 |
| PublicationDate_xml | – month: 09 year: 2019 text: 2019-09-01 day: 01 |
| PublicationDecade | 2010 |
| PublicationPlace | Amsterdam |
| PublicationPlace_xml | – name: Amsterdam |
| PublicationTitle | Computers & security |
| PublicationYear | 2019 |
| Publisher | Elsevier Ltd Elsevier Sequoia S.A |
| Publisher_xml | – name: Elsevier Ltd – name: Elsevier Sequoia S.A |
| References | Aich, Mondal, Sural, Majumdar (bib0002) 2009; IV Ray, Toahchoodee (bib0034) 2007 Joshi, Bertino, Latif, Ghafoor (bib0024) 2005; 17 Becker, Fournet, Gordon (bib0005) 2010; 4 Damianou, Dulay, Lupu, Sloman (bib0013) 2001 Qi, Luo, Di, Li, Yang, Jiang (bib0029) 2016 Committee (bib0011) 2009 Bell, LaPadula (bib0006) 1976 Servos, Osborn (bib0037) 2017; 49 Jin, Sandhu, Krishnan (bib0023) 2012 Abd-Ali, Guemhioui, Logrippo (bib0001) 2015 Barker (bib0004) 2009 Fatima, Ghazi, Shibli, Abassi (bib0014) 2016; 9 Huang, Nicol, Bobba, Huh (bib0020) 2012 Sandhu, Coyne, Feinstein, Youman (bib0036) 1996; 29 Chaudhuri, Dayal (bib0009) 1997; 26 Hong, Xue, Xue, Chen, Wei, Yu, Hong (bib0018) 2018 Li, Wang, Qardaji, Bertino, Rao, Lobo, Lin (bib0027) 2009 Li, Mitchell, Winsborough (bib0026) 2002 Rajpoot, Jensen, Krishnan (bib0030) 2015 Committee (bib0010) 2015 Ferraiolo, Atluri (bib0015) 2008 Jajodia, Samarati, Sapino, Subrahmanian (bib0021) 2001; 26 Singh, Sural, Atluri, Vaidya, Yakub (bib0038) 2015 Rajpoot, Jensen, Krishnan (bib0031) 2015 Damiani, Bertino, Catania, Perlasca (bib0012) 2005 Rao, Lin, Bertino, Li, Lobo (bib0032) 2009 Hu, Ferraiolo, Kuhn, Friedman, Lang, Cogdell, Schnitzer, Sandlin, Miller, Scarfone (bib0019) 2013 Bertolissi, Fernandez (bib0008) 2014; 238 Oracle Technical Committee (bib0028) 2015 Kuhn, Coyne, Weil (bib0025) 2010; 43 Bertino, Bonatti, Ferrari (bib0007) 2001; 4 Ray, Kumar, Yu (bib0033) 2006 Sandhu, Bhamidipati, Munawer (bib0035) 1999; 2 Jin, Krishnan, Sandhu (bib0022) 2012 Aich, Sural, Majumdar (bib0003) 2007 Graham, Denning (bib0017) 1972 Ferraiolo, Atluri, Gavrila (bib0016) 2010; 57 Barker (10.1016/j.cose.2019.06.001_bib0004) 2009 Hu (10.1016/j.cose.2019.06.001_sbref0019) 2013 Sandhu (10.1016/j.cose.2019.06.001_bib0036) 1996; 29 Ray (10.1016/j.cose.2019.06.001_bib0033) 2006 Joshi (10.1016/j.cose.2019.06.001_bib0024) 2005; 17 Rajpoot (10.1016/j.cose.2019.06.001_bib0030) 2015 Qi (10.1016/j.cose.2019.06.001_bib0029) 2016 Singh (10.1016/j.cose.2019.06.001_bib0038) 2015 Huang (10.1016/j.cose.2019.06.001_bib0020) 2012 Abd-Ali (10.1016/j.cose.2019.06.001_bib0001) 2015 Li (10.1016/j.cose.2019.06.001_bib0027) 2009 Ferraiolo (10.1016/j.cose.2019.06.001_bib0016) 2010; 57 Hong (10.1016/j.cose.2019.06.001_bib0018) 2018 Jin (10.1016/j.cose.2019.06.001_bib0023) 2012 Damiani (10.1016/j.cose.2019.06.001_bib0012) 2005 Li (10.1016/j.cose.2019.06.001_bib0026) 2002 Rao (10.1016/j.cose.2019.06.001_bib0032) 2009 Committee (10.1016/j.cose.2019.06.001_sbref0010) 2015 Damianou (10.1016/j.cose.2019.06.001_bib0013) 2001 Jajodia (10.1016/j.cose.2019.06.001_bib0021) 2001; 26 Rajpoot (10.1016/j.cose.2019.06.001_bib0031) 2015 Graham (10.1016/j.cose.2019.06.001_bib0017) 1972 Ferraiolo (10.1016/j.cose.2019.06.001_bib0015) 2008 Aich (10.1016/j.cose.2019.06.001_bib0003) 2007 Chaudhuri (10.1016/j.cose.2019.06.001_bib0009) 1997; 26 Oracle Technical Committee (10.1016/j.cose.2019.06.001_sbref0028) 2015 Committee (10.1016/j.cose.2019.06.001_sbref0011) 2009 Bertino (10.1016/j.cose.2019.06.001_bib0007) 2001; 4 Fatima (10.1016/j.cose.2019.06.001_bib0014) 2016; 9 Bertolissi (10.1016/j.cose.2019.06.001_bib0008) 2014; 238 Aich (10.1016/j.cose.2019.06.001_bib0002) 2009; IV Jin (10.1016/j.cose.2019.06.001_bib0022) 2012 Kuhn (10.1016/j.cose.2019.06.001_bib0025) 2010; 43 Servos (10.1016/j.cose.2019.06.001_bib0037) 2017; 49 Sandhu (10.1016/j.cose.2019.06.001_bib0035) 1999; 2 Becker (10.1016/j.cose.2019.06.001_bib0005) 2010; 4 Bell (10.1016/j.cose.2019.06.001_bib0006) 1976 Ray (10.1016/j.cose.2019.06.001_bib0034) 2007 |
| References_xml | – start-page: 147 year: 2006 end-page: 161 ident: bib0033 article-title: LRBAC: a location-aware role-based access control model publication-title: Proceedings of the second international conference on information systems security – start-page: 187 year: 2009 end-page: 196 ident: bib0004 article-title: The next 700 access control models or a unifying meta-model? publication-title: Proceedings of the fourteenth ACM symposium on access control models and technologies – volume: 17 start-page: 4 year: 2005 end-page: 23 ident: bib0024 article-title: A generalized temporal role-based access control model publication-title: IEEE Trans Knowl Data Eng – start-page: 114 year: 2002 end-page: 130 ident: bib0026 article-title: Design of a role-based trust-management framework publication-title: Proceedings of the IEEE symposium on security and privacy – start-page: 7 year: 2012 end-page: 12 ident: bib0022 article-title: A role-based administration model for attributes publication-title: Proceedings of the first international workshop on secure and resilient architectures and systems – start-page: 3 year: 2015 end-page: 17 ident: bib0030 article-title: Attributes enhanced role-based access control model publication-title: Proceedings of the twelfth international conference on trust, privacy and security in digital business – start-page: 211 year: 2007 end-page: 226 ident: bib0034 article-title: A spatio-temporal role-based access control model publication-title: Proceedings of the twenty-first annual IFIP WG 11.3 working conference on data and applications security – start-page: 417 year: 1972 end-page: 429 ident: bib0017 article-title: Protection principles and practice publication-title: Proceedings of the American federation of information processing societies spring joint computer conference – volume: 9 start-page: 3152 year: 2016 end-page: 3166 ident: bib0014 article-title: Towards attribute-centric access control: an ABAC versus RBAC argument publication-title: Secur Commun Netw – start-page: 354 year: 2015 end-page: 362 ident: bib0001 article-title: Metamodelling with formal semantics with application to access control specification publication-title: Proceedings of the third international conference on model driven engineering and software development – volume: 26 start-page: 65 year: 1997 end-page: 74 ident: bib0009 article-title: An overview of data warehousing and OLAP technology publication-title: SIGMOD Rec – start-page: 1 year: 2018 end-page: 14 ident: bib0018 article-title: TAFC: time and attribute factors combined access control for time-sensitive data in public cloud publication-title: IEEE Trans Serv Comput – year: 2015 ident: bib0010 article-title: OASIS extensible access control markup language (XACML) – volume: 43 start-page: 79 year: 2010 end-page: 81 ident: bib0025 article-title: Adding attributes to role-based access control publication-title: IEEE Comput – start-page: 135 year: 2009 end-page: 144 ident: bib0027 article-title: Access control policy combining: theory meets practice publication-title: Proceedings of the fourteenth ACM symposium on access control models and technologies – volume: 49 year: 2017 ident: bib0037 article-title: Current research and open problems in attribute-based access control publication-title: ACM Comput Surv – volume: 57 start-page: 412 year: 2010 end-page: 424 ident: bib0016 article-title: The policy machine: a novel architecture and framework for access control policy specification and enforcement publication-title: J Syst Archit Embed Syst Des – start-page: 242 year: 2015 end-page: 249 ident: bib0031 article-title: Integrating attributes into role-based access control publication-title: Proceedings of the twenty-ninth annual IFIP WG 11.3 working conference on data and applications security and privacy – volume: 238 start-page: 187 year: 2014 end-page: 207 ident: bib0008 article-title: A metamodel of access control for distributed environments: applications and properties publication-title: Inf Comput – start-page: 221 year: 2015 end-page: 235 ident: bib0038 article-title: Managing multi-dimensional multi-granular security policies using data warehousing publication-title: Proceedings of the ninth international conference on network and system security – start-page: 18 year: 2001 end-page: 39 ident: bib0013 article-title: The ponder policy specification language publication-title: Proceedings of the workshop on policies for distributed systems and networks – year: 2013 ident: bib0019 article-title: Guide to attribute based access control (ABAC) definition and considerations (Draft) – start-page: 84 year: 2012 end-page: 96 ident: bib0023 article-title: RABAC: role-centric attribute-based access control publication-title: Proceedings of the twelfth international conference on mathematical methods, models and architectures for computer network security – volume: 29 start-page: 38 year: 1996 end-page: 47 ident: bib0036 article-title: Role-based access control models publication-title: IEEE Comput – year: 2009 ident: bib0011 article-title: A survey of access control methods – start-page: 29 year: 2005 end-page: 37 ident: bib0012 article-title: GEO-RBAC: a spatially aware RBAC publication-title: Proceedings of the tenth ACM symposium on access control models and technologies – start-page: 153 year: 2008 end-page: 154 ident: bib0015 article-title: A meta model for access control: why is it needed and is it even possible to achieve? publication-title: Proceedings of the thirteenth ACM symposium on access control models and technologies – volume: 4 start-page: 191 year: 2001 end-page: 233 ident: bib0007 article-title: TRBAC: a temporal role-based access control model publication-title: ACM Trans Inf Syst Secur – year: 1976 ident: bib0006 article-title: Secure computer systems: unified exposition and multics interpretation publication-title: Technical Report MTR-2997 – start-page: 1567 year: 2007 end-page: 1582 ident: bib0003 article-title: STARBAC: spatio temporal role based access control publication-title: Proceedings of the 2007 OTM confederated international conference on on the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS – Volume Part II – volume: 4 start-page: 619 year: 2010 end-page: 665 ident: bib0005 article-title: Design and semantics of a decentralized authorization language publication-title: J Comput Secur – start-page: 66 year: 2016 end-page: 71 ident: bib0029 article-title: Access control model based on role and attribute and its implementation publication-title: Proceedings of the international conference on cyber-enabled distributed computing and knowledge discovery – volume: IV start-page: 177 year: 2009 end-page: 199 ident: bib0002 article-title: ESTARBAC: role based access control with spatiotemporal context for mobile applications publication-title: Trans Comput Sci – start-page: 187 year: 2012 end-page: 196 ident: bib0020 article-title: A framework integrating attribute-based policies into role-based access control publication-title: Proceedings of the seventeenth ACM symposium on access control models and technologies – volume: 2 start-page: 105 year: 1999 end-page: 135 ident: bib0035 article-title: The ARBAC97 model for role-based administration of roles publication-title: ACM Trans Inf Syst Secur – start-page: 63 year: 2009 end-page: 72 ident: bib0032 article-title: An algebra for fine-grained integration of XACML policies publication-title: Proceedings of the fourteenth ACM symposium on access control models and technologies – year: 2015 ident: bib0028 article-title: Oracle database in-memory – volume: 26 start-page: 214 year: 2001 end-page: 260 ident: bib0021 article-title: Flexible support for multiple access control policies publication-title: ACM Trans Inf Syst Secur – start-page: 7 year: 2012 ident: 10.1016/j.cose.2019.06.001_bib0022 article-title: A role-based administration model for attributes – start-page: 1 year: 2018 ident: 10.1016/j.cose.2019.06.001_bib0018 article-title: TAFC: time and attribute factors combined access control for time-sensitive data in public cloud publication-title: IEEE Trans Serv Comput – volume: 29 start-page: 38 issue: 2 year: 1996 ident: 10.1016/j.cose.2019.06.001_bib0036 article-title: Role-based access control models publication-title: IEEE Comput doi: 10.1109/2.485845 – year: 1976 ident: 10.1016/j.cose.2019.06.001_bib0006 article-title: Secure computer systems: unified exposition and multics interpretation – volume: 17 start-page: 4 issue: 1 year: 2005 ident: 10.1016/j.cose.2019.06.001_bib0024 article-title: A generalized temporal role-based access control model publication-title: IEEE Trans Knowl Data Eng doi: 10.1109/TKDE.2005.1 – volume: 4 start-page: 619 issue: 8 year: 2010 ident: 10.1016/j.cose.2019.06.001_bib0005 article-title: Design and semantics of a decentralized authorization language publication-title: J Comput Secur doi: 10.3233/JCS-2009-0364 – start-page: 211 year: 2007 ident: 10.1016/j.cose.2019.06.001_bib0034 article-title: A spatio-temporal role-based access control model – start-page: 147 year: 2006 ident: 10.1016/j.cose.2019.06.001_bib0033 article-title: LRBAC: a location-aware role-based access control model – volume: 57 start-page: 412 issue: 4 year: 2010 ident: 10.1016/j.cose.2019.06.001_bib0016 article-title: The policy machine: a novel architecture and framework for access control policy specification and enforcement publication-title: J Syst Archit Embed Syst Des doi: 10.1016/j.sysarc.2010.04.005 – volume: IV start-page: 177 year: 2009 ident: 10.1016/j.cose.2019.06.001_bib0002 article-title: ESTARBAC: role based access control with spatiotemporal context for mobile applications publication-title: Trans Comput Sci – start-page: 187 year: 2012 ident: 10.1016/j.cose.2019.06.001_bib0020 article-title: A framework integrating attribute-based policies into role-based access control – start-page: 221 year: 2015 ident: 10.1016/j.cose.2019.06.001_bib0038 article-title: Managing multi-dimensional multi-granular security policies using data warehousing – start-page: 114 year: 2002 ident: 10.1016/j.cose.2019.06.001_bib0026 article-title: Design of a role-based trust-management framework – start-page: 66 year: 2016 ident: 10.1016/j.cose.2019.06.001_bib0029 article-title: Access control model based on role and attribute and its implementation – year: 2009 ident: 10.1016/j.cose.2019.06.001_sbref0011 – volume: 4 start-page: 191 issue: 3 year: 2001 ident: 10.1016/j.cose.2019.06.001_bib0007 article-title: TRBAC: a temporal role-based access control model publication-title: ACM Trans Inf Syst Secur doi: 10.1145/501978.501979 – volume: 49 issue: 4 year: 2017 ident: 10.1016/j.cose.2019.06.001_bib0037 article-title: Current research and open problems in attribute-based access control publication-title: ACM Comput Surv doi: 10.1145/3007204 – year: 2015 ident: 10.1016/j.cose.2019.06.001_sbref0010 – start-page: 242 year: 2015 ident: 10.1016/j.cose.2019.06.001_bib0031 article-title: Integrating attributes into role-based access control – volume: 43 start-page: 79 issue: 6 year: 2010 ident: 10.1016/j.cose.2019.06.001_bib0025 article-title: Adding attributes to role-based access control publication-title: IEEE Comput doi: 10.1109/MC.2010.155 – year: 2013 ident: 10.1016/j.cose.2019.06.001_sbref0019 – start-page: 63 year: 2009 ident: 10.1016/j.cose.2019.06.001_bib0032 article-title: An algebra for fine-grained integration of XACML policies – start-page: 135 year: 2009 ident: 10.1016/j.cose.2019.06.001_bib0027 article-title: Access control policy combining: theory meets practice – volume: 26 start-page: 65 issue: 1 year: 1997 ident: 10.1016/j.cose.2019.06.001_bib0009 article-title: An overview of data warehousing and OLAP technology publication-title: SIGMOD Rec doi: 10.1145/248603.248616 – start-page: 417 year: 1972 ident: 10.1016/j.cose.2019.06.001_bib0017 article-title: Protection principles and practice – start-page: 84 year: 2012 ident: 10.1016/j.cose.2019.06.001_bib0023 article-title: RABAC: role-centric attribute-based access control – start-page: 29 year: 2005 ident: 10.1016/j.cose.2019.06.001_bib0012 article-title: GEO-RBAC: a spatially aware RBAC – start-page: 18 year: 2001 ident: 10.1016/j.cose.2019.06.001_bib0013 article-title: The ponder policy specification language – volume: 9 start-page: 3152 year: 2016 ident: 10.1016/j.cose.2019.06.001_bib0014 article-title: Towards attribute-centric access control: an ABAC versus RBAC argument publication-title: Secur Commun Netw doi: 10.1002/sec.1520 – volume: 238 start-page: 187 issue: 9 year: 2014 ident: 10.1016/j.cose.2019.06.001_bib0008 article-title: A metamodel of access control for distributed environments: applications and properties publication-title: Inf Comput doi: 10.1016/j.ic.2014.07.009 – start-page: 3 year: 2015 ident: 10.1016/j.cose.2019.06.001_bib0030 article-title: Attributes enhanced role-based access control model – start-page: 1567 year: 2007 ident: 10.1016/j.cose.2019.06.001_bib0003 article-title: STARBAC: spatio temporal role based access control – start-page: 354 year: 2015 ident: 10.1016/j.cose.2019.06.001_bib0001 article-title: Metamodelling with formal semantics with application to access control specification – volume: 2 start-page: 105 issue: 1 year: 1999 ident: 10.1016/j.cose.2019.06.001_bib0035 article-title: The ARBAC97 model for role-based administration of roles publication-title: ACM Trans Inf Syst Secur doi: 10.1145/300830.300839 – start-page: 153 year: 2008 ident: 10.1016/j.cose.2019.06.001_bib0015 article-title: A meta model for access control: why is it needed and is it even possible to achieve? – start-page: 187 year: 2009 ident: 10.1016/j.cose.2019.06.001_bib0004 article-title: The next 700 access control models or a unifying meta-model? – volume: 26 start-page: 214 issue: 2 year: 2001 ident: 10.1016/j.cose.2019.06.001_bib0021 article-title: Flexible support for multiple access control policies publication-title: ACM Trans Inf Syst Secur – year: 2015 ident: 10.1016/j.cose.2019.06.001_sbref0028 |
| SSID | ssj0017688 |
| Score | 2.3543637 |
| Snippet | Over the last few years, various types of access control models have been proposed for expressing the growing needs of organizations. Out of these, there is an... |
| SourceID | pubmedcentral proquest crossref elsevier |
| SourceType | Open Access Repository Aggregation Database Enrichment Source Index Database Publisher |
| StartPage | 183 |
| SubjectTerms | Access Access control Attribute Based Access Control Attributes Authorization Data warehouses Data warehousing Decision making Enforcement Experiments In-memory database Memory Meta-policy Policies Security Specification Specifications Unified security policy Viability |
| Title | Managing attribute-based access control policies in a unified framework using data warehousing and in-memory database |
| URI | https://dx.doi.org/10.1016/j.cose.2019.06.001 https://www.proquest.com/docview/2287979372 https://www.proquest.com/docview/2310657453 https://pubmed.ncbi.nlm.nih.gov/PMC6818720 |
| Volume | 86 |
| WOSCitedRecordID | wos000483406200011&url=https%3A%2F%2Fcvtisr.summon.serialssolutions.com%2F%23%21%2Fsearch%3Fho%3Df%26include.ft.matches%3Dt%26l%3Dnull%26q%3D |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVESC databaseName: Elsevier SD Freedom Collection Journals 2021 customDbUrl: eissn: 1872-6208 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0017688 issn: 0167-4048 databaseCode: AIEXJ dateStart: 19950101 isFulltext: true titleUrlDefault: https://www.sciencedirect.com providerName: Elsevier |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV1bb9MwFLa6jQdeuCMKYzISb1WqXBxfHis0BAhNSIypb5HjOGq6Nqt6GesP4__he9MhJkDiJarsOI1yPvv48p3vAPCWyRJlmcBRijCOEMqrqGRJFlGdE0V5UMaFsfRncnZGx2P2pdf74WNhrmekbenNDVv8V1OrMmVsHTr7F-YOD1UF6rcyuroqs6vrHxk-ZB7ia5vNSkbaVVUDbnIjBnK6Ts-gOrbhw_LBpm1qPRutPVlrsDG7CJpBOvjOl3JyZQusWlM01wzdraku_QGPFzxwiSJWBlYrlyAvbOWoh0xslNBEttWSa8mkNV_sTqeWJgeBlpKeNyGO6II31dbxeptKynD_aD3b2Gj5i2bKt3zGL1eTedPdzUh2dC23xebDbHacJrPrqcXZYyvJOZR2pKYkjXAa0-5QTrtjcWIz5Di3npro7l89ht28mA51eIBm-rGhPZ7a-cfAWvxqQja0wA7TwyLGB-AoJTlT_uBo9PF0_CkcX6k1HA2i8qqBi9ayxMLb__S7GVFnxbPP1-1MgM4fgQdu5QJHFnGPQU-2T8BDb2zonMRTsPEAhLcACC0AoQMg9ACETQs5dACEAYDQ4A1qhMEOAKECIAwAhB6Az8C396fn7z5ELrlHJBCO11GW1VnOs5LSSuZ61S7TrGJquYFqJnApEsSrktS1TDgWKKcxKRFDNUkriutEOabn4LC9auULALHIaoZFGVcxQzRVU-o4y0tU5qQkQsSyDxL_gQvhlO91ApZZ4SmO00IbpdBGKSzPsw8Goc3C6r7ceXfu7Va4maudkRYKZne2O_ZGLtwQsirSlBKmZSvTPngTqtWor4_yeCvV1y70qgznBOVZH5A9cIS31brx-zVtMzH68ZjqzhO__MeXfgXu73ruMThcLzfyNbgnrtfNankCDsiYnrgO8ROAiO5I |
| linkProvider | Elsevier |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Managing+attribute-based+access+control+policies+in+a+unified+framework+using+data+warehousing+and+in-memory+database&rft.jtitle=Computers+%26+security&rft.au=Singh%2C+Mahendra+Pratap&rft.au=Sural%2C+Shamik&rft.au=Vaidya%2C+Jaideep&rft.au=Atluri%2C+Vijayalakshmi&rft.date=2019-09-01&rft.pub=Elsevier+Ltd&rft.issn=0167-4048&rft.eissn=1872-6208&rft.volume=86&rft.spage=183&rft.epage=205&rft_id=info:doi/10.1016%2Fj.cose.2019.06.001&rft.externalDocID=S0167404819301166 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0167-4048&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0167-4048&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0167-4048&client=summon |