DATABASE ACCESS-CONTROL POLICY ENFORCEMENT USING REVERSE QUERIES

Bibliographic details
1. Author: RISSANEN, Erik
Format: Patent
Language: eng ; fre ; ger
Description
Summary: A method of providing access control to a database accessible from a user interface is implemented at a policy enforcement point (12), which is located between the database and the user interface, and comprises the steps of: (i) intercepting a database query from a user; (ii) assigning attribute values on the basis of a target table or target column in the query, a construct type in the query, or the user or environment; (iii) partially evaluating an access-control (AC) policy (P) defined in terms of said attributes, by constructing a partial policy decision request containing the attribute values assigned in step (ii) and evaluating the AC policy for this, whereby a simplified policy (P') is obtained; (iv) deriving an access condition, for which the simplified policy permits access; and (v) amending the database query by imposing said access condition and transmitting the amended query (Q') to the database.