{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,19]],"date-time":"2025-03-19T10:25:57Z","timestamp":1742379957694},"reference-count":30,"publisher":"Association for Computing Machinery (ACM)","issue":"2","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Database Syst."],"published-print":{"date-parts":[[2001,6]]},"abstract":"Although several access control policies can be devised for controlling access to information, all existing authorization models, and the corresponding enforcement mechanisms, are based on a specific policy (usually the closed policy). As a consequence, although different policy choices are possible in theory, in practice only a specific policy can actually be applied within a given system. In this paper, we present a unified framework that can enforce multiple access control policies within a single system. The framework is based on a language through which users can specify security policies to be enforced on specific accesses. The language allows the specification of both positive and negative authorizations and incorporates notions of authorization derivation, conflict resolution, and decision strategies. Different strategies may be applied to different users, groups, objects, or roles, based on the needs of the security policy. The overall result is a flexible and powerful, yet simple, framework that can easily capture many of the traditional access control policies as well as protection requirements that exist in real-world applications, but are seldom supported by existing systems. 
The major advantage of our approach is that it can be used to specify different access control policies that can all coexist in the same system and be enforced by the same security server.","DOI":"10.1145\/383891.383894","type":"journal-article","created":{"date-parts":[[2002,7,27]],"date-time":"2002-07-27T11:29:03Z","timestamp":1027769343000},"page":"214-260","update-policy":"http:\/\/dx.doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":416,"title":["Flexible support for multiple access control policies"],"prefix":"10.1145","volume":"26","author":[{"given":"Sushil","family":"Jajodia","sequence":"first","affiliation":[{"name":"George Mason Univ., Fairfax. VA"}]},{"given":"Pierangela","family":"Samarati","sequence":"additional","affiliation":[{"name":"Univ. di Milano, Milan, Italy"}]},{"given":"Maria Luisa","family":"Sapino","sequence":"additional","affiliation":[{"name":"Univ. di Torino, Torino, Italy"}]},{"given":"V. S.","family":"Subrahmanian","sequence":"additional","affiliation":[{"name":"Univ. of Maryland, College Park"}]}],"member":"320","published-online":{"date-parts":[[2001,6]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Foundations of Deductive Databases and Logic Programming","author":"APT K.","unstructured":"APT , K. , BLAIR , H. , AND WALKER , A. 1988. Towards a theory of declarative knowledge . In Foundations of Deductive Databases and Logic Programming , J. Minker, Ed., Morgan-Kaufmann, San Mateo , Calif . APT, K., BLAIR, H., AND WALKER, A. 1988. Towards a theory of declarative knowledge. In Foundations of Deductive Databases and Logic Programming, J. 
Minker, Ed., Morgan-Kaufmann, San Mateo, Calif."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF02341854"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/646397.691155"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/69.485637"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/646647.759410"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/306686.306687"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/168588.168605"},{"key":"e_1_2_1_8_1","first-page":"66","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (Oakland, Calif.). IEEE Computer Society Press, Los Alamitos, Calif.","author":"BRANSTAD M.","year":"1989","unstructured":"BRANSTAD , M. , TAJALLI , H. , MAYER , F. , AND DALVA , D. 1989 . Access mediation in a message passing kernel . In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, Calif.). IEEE Computer Society Press, Los Alamitos, Calif. , pp. 66 - 72 . BRANSTAD, M., TAJALLI, H., MAYER,F.,AND DALVA, D. 1989. Access mediation in a message passing kernel. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, Calif.). IEEE Computer Society Press, Los Alamitos, Calif., pp. 66-72."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1989.36295"},{"key":"e_1_2_1_10_1","first-page":"99","article-title":"Rights in an object-oriented environment","author":"BRUGGEMANN H. H.","year":"1992","unstructured":"BRUGGEMANN , H. H. 1992 . Rights in an object-oriented environment . In Database Security, V: Status and Prospects, North-Holland, Amsterdam, The Netherlands , pp. 99 - 115 . BRUGGEMANN, H. H. 1992. Rights in an object-oriented environment. In Database Security, V: Status and Prospects, North-Holland, Amsterdam, The Netherlands, pp. 
99-115.","journal-title":"Database Security, V: Status and Prospects, North-Holland, Amsterdam, The Netherlands"},{"key":"e_1_2_1_11_1","unstructured":"CASTANO S. FUGINI M. MARTELLA G. AND SAMARATI P. 1995. Database Security. Addison-Wesley Reading Mass. CASTANO S. FUGINI M. MARTELLA G. AND SAMARATI P. 1995. Database Security. Addison-Wesley Reading Mass."},{"key":"e_1_2_1_12_1","unstructured":"DENNING D. E. LUNT T. SCHELL R. HECKMAN M. AND SHOCKLEY S. 1987. Secure distributed data view (Sea View) -the Sea View formal security policy model. Tech. rep. SRI International Menlo Park Calif. DENNING D. E. LUNT T. SCHELL R. HECKMAN M. AND SHOCKLEY S. 1987. Secure distributed data view (Sea View) -the Sea View formal security policy model. Tech. rep. SRI International Menlo Park Calif."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.5555\/882489.884198"},{"key":"e_1_2_1_14_1","first-page":"1070","volume-title":"Proceedings of the 5th International Conference and Symposium on Logic Programming","author":"GELFOND M.","year":"1988","unstructured":"GELFOND , M. AND LIFSCHITZ , V. 1988 . The stable model semantics for logic programming . In Proceedings of the 5th International Conference and Symposium on Logic Programming ( Seattle, Wash.). pp. 1070 - 1080 . GELFOND,M.AND LIFSCHITZ, V. 1988. The stable model semantics for logic programming. In Proceedings of the 5th International Conference and Symposium on Logic Programming (Seattle, Wash.). pp. 1070-1080."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1093\/logcom\/2.3.397"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/882493.884380"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/253260.253364"},{"key":"e_1_2_1_18_1","first-page":"43","volume-title":"Database Security IX: Status and Prospects","author":"JONSCHER D.","unstructured":"JONSCHER , D. , AND DITTRICH , K. R. 1996. 
Argos - A configurable access control system for interoperable environments . In Database Security IX: Status and Prospects , S. A. D. D. L. Spooner and J. E. Dobson, Eds., Chapman & Hall, London, England, pp. 43 - 60 . JONSCHER,D.,AND DITTRICH, K. R. 1996. Argos - A configurable access control system for interoperable environments. In Database Security IX: Status and Prospects, S. A. D. D. L. Spooner and J. E. Dobson, Eds., Chapman & Hall, London, England, pp. 43-60."},{"key":"e_1_2_1_19_1","volume-title":"Foundations of Logic Programming","author":"LLOYD J. W.","unstructured":"LLOYD , J. W. 1987. Foundations of Logic Programming . Springer-Verlag , New York . LLOYD, J. W. 1987. Foundations of Logic Programming. Springer-Verlag, New York."},{"key":"e_1_2_1_20_1","first-page":"41","volume-title":"Database Security II: Status and Prospects","author":"LUNT T. F.","unstructured":"LUNT , T. F. 1989. Access control policies for database systems . In Database Security II: Status and Prospects , C. E. Landwehr, Ed., North-Holland, Amsterdam , The Netherlands , pp. 41 - 52 . LUNT, T. F. 1989. Access control policies for database systems. In Database Security II: Status and Prospects, C. E. Landwehr, Ed., North-Holland, Amsterdam, The Netherlands, pp. 41-52."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/0304-3975(92)90019-C"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/357162.357169"},{"key":"e_1_2_1_23_1","first-page":"193","volume-title":"Foundations of Deductive Databases","author":"PRZYMUSINSKI T.","unstructured":"PRZYMUSINSKI , T. 1988. On the declarative semantics of deductive databases and logic programs . In Foundations of Deductive Databases , J. Minker, Ed., Morgan-Kaufmann, San Mateo , Calif ., pp. 193 - 216 . PRZYMUSINSKI, T. 1988. On the declarative semantics of deductive databases and logic programs. In Foundations of Deductive Databases, J. Minker, Ed., Morgan-Kaufmann, San Mateo, Calif., pp. 
193-216."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/103140.103144"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1016\/0004-3702(80)90014-4"},{"key":"e_1_2_1_26_1","volume-title":"Synergy: A distributed, microkernel-based security architecture, version 1.0. Tech. rep","author":"SAYDJARI O.S.","year":"1993","unstructured":"SAYDJARI , O.S. , TURNER , S.J. , PEELE , D. E. , FARRELL , J.F. , LOSCOCCO , P. A. , KUTZ , W. , AND BOCK , G.L. 1993 . Synergy: A distributed, microkernel-based security architecture, version 1.0. Tech. rep . National Security Agency , Ft . George G. Meade, Md. SAYDJARI,O.S.,TURNER,S.J.,PEELE, D. E., FARRELL,J.F.,LOSCOCCO, P. A., KUTZ,W.,AND BOCK,G.L. 1993. Synergy: A distributed, microkernel-based security architecture, version 1.0. Tech. rep. National Security Agency, Ft. George G. Meade, Md."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/143457.143461"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.2140\/pjm.1955.5.285"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/73721.73722"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-1993-22-304"}],"container-title":["ACM Transactions on Database 
Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/383891.383894","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,2]],"date-time":"2023-01-02T20:17:58Z","timestamp":1672690678000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/383891.383894"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2001,6]]},"references-count":30,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2001,6]]}},"alternative-id":["10.1145\/383891.383894"],"URL":"https:\/\/doi.org\/10.1145\/383891.383894","relation":{},"ISSN":["0362-5915","1557-4644"],"issn-type":[{"value":"0362-5915","type":"print"},{"value":"1557-4644","type":"electronic"}],"subject":[],"published":{"date-parts":[[2001,6]]},"assertion":[{"value":"2001-06-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}