A lattice-based approach for updating access control policies in real-time

Authors:

Highlights:

Abstract

Real-time update of access control policies, that is, updating policies while they are in effect and enforcing the changes immediately and automatically, is necessary for many dynamic environments. Examples of such environments include disaster relief and war zones. In such situations, system resources may need re-configuration or operational modes may change, necessitating a change of policies. For the system to continue functioning, the policies must be changed immediately and the modified policies automatically enforced. In this paper, we propose a solution to this problem: we consider real-time update of access control policies in the context of a database system. In our model, a database consists of a set of objects that are read and updated through transactions. Access to the data objects is controlled by access control policies, which are stored in the form of policy objects. We consider an environment in which different kinds of transactions execute concurrently; some of these may be transactions updating policy objects. Updating policy objects while they are deployed can lead to potential security problems. We propose algorithms that not only prevent such security problems, but also ensure serializable execution of transactions. The algorithms differ on the degree of concurrency provided and the kinds of policies each can update.

Keywords: Security policies, Concurrency control, Transaction management

Review history: Received 4 August 2005, Revised 16 May 2006, Accepted 20 June 2006, Available online 14 July 2006.

Official paper URL: https://doi.org/10.1016/j.is.2006.06.002