We present a data-dependent access control approach for RDBMSs. The approach is based on a logical language that lets us administer access control policies in a formal and simple way. The language expresses authorization rules that depend on the values, types and semantics of the data elements common to the relational data model. Using our framework, we describe several data-dependent access control policies in a medical information system. Finally, based on these descriptions, we compare the complexity of policy administration in currently available access control mechanisms, namely view-based, query-modification and improved-query-modification.