Access Control: Principles and Solutions

S. De Capitani di Vimercati and S. Paraboschi, DTI–Università di Milano, Italy

Pierangela Samarati, DIGI–Università di Bergamo, Italy

Introduction

Access Control Policies

Access Control in Operating Systems

Access Control in Linux

Access Control in Windows

Access Control in Database Management Systems

Security Features of SQL

Access Control for Internet-Based Solutions

TCPD

Apache Access Control

Java 2 Security Model

Conclusions

Acknowledgments

Glossary

Cross References

References

INTRODUCTION

An important requirement of any system is to protect its data and resources against unauthorized disclosure (secrecy or confidentiality) and unauthorized or improper modifications (integrity), while at the same time ensuring their availability to legitimate users (no denial-of-service or availability) (Samarati & De Capitani di Vimercati, 2001). The problem of ensuring protection has existed since information has been managed. However, as technology advances and information management systems become more and more powerful, the problem of enforcing information security also becomes more critical. The increasing development of information and communication technology has led to the widespread use of computer systems to store and transmit information of every kind, offering concrete advantages in terms of availability and flexibility but at the same time posing new serious security threats and increasing the potential damage that violations may cause. ...