Imposing Fine-grain Next Generation Access Control over Database Queries
Published
Author(s)
David F. Ferraiolo, Serban I. Gavrila, Gopi Katwala, Joshua D. Roberts
Abstract
In this paper we describe a system called Next-generation Database Access Control (NDAC) that leverages the ANSI/INCITS Next Generation Access Control (NGAC) standard for accessing data in tables, rows, and columns in existing RDBMS products. NDAC imposes access control at the data level, removing the need for implementing and managing access control in applications and/or through the use of proprietary RDBMS mechanisms. As a consequence, the same policies can protect multiple databases from queries sent from multiple applications. Furthermore, NDAC provides control not only down to the field level, but also to varying fields of select rows. NDAC is unique in achieving this granularity of control without generating policy-preserving 'where' clauses and without masking or data redaction techniques. Operationally, users issue wide-sweeping queries and NDAC allows access to the optimal amount of data permissible for the user. The method includes an Access Manager for trapping and enforcing policy over SQL queries issued by applications and a Translator for converting SQL statements to NGAC inputs and converting NGAC authorization responses to either an access Deny or one or more permitted SQL statements.
Conference Dates
March 22-24, 2017
Conference Location
Scottsdale, AZ
Conference Title
2nd ACM Workshop on Attribute Based Access Control
Ferraiolo, D., Gavrila, S., Katwala, G. and Roberts, J. (2017), Imposing Fine-grain Next Generation Access Control over Database Queries, 2nd ACM Workshop on Attribute Based Access Control, Scottsdale, AZ, [online], https://doi.org/10.1145/3041048.3041050 (Accessed October 11, 2025)