Independent revocation of access rights in database management systems

Authors:

Highlights:

Abstract

The security mechanism of a database management system must provide a means for granting and revoking access to data in the database. In current systems, when an authorizer wants to revoke some access of a user, he must determine how to change the current status of authorization to reflect the revocation. If this is determined incorrectly, the authorization status becomes invalid, and a user may gain improper access to data. It would be preferable if the authorizer were able to simply specify the access that should be revoked, and let the system determine what changes should be made to reflect the revocation. In such a system, the work required by the authorizer is minimized, as is the chance of error. This paper discusses this method of revocation, which we refer to as independent revocation (since the revocation is specified independent of the current status of authorization).

Keywords:

Review process: Received 28 October 1988, Revised 3 May 1989, Available online 17 June 2003.

Official paper URL: https://doi.org/10.1016/0306-4379(89)90008-2