How can systems enforce diverse security policies? This paper presents a unified framework that supports multiple access control policies within a single system, addressing the limitations of existing authorization models. The framework is based on a language that allows users to specify security policies for specific accesses. This language incorporates both positive and negative authorizations and includes notions of authorization derivation, conflict resolution, and decision strategies. Different strategies can be applied to users, groups, objects, or roles, based on security policy needs. The resulting framework offers flexibility and power, capturing traditional access control policies and real-world protection requirements often unsupported by existing systems. The major advantage is the ability to specify and enforce diverse, coexisting access control policies using the same security server.
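The concepts named above (positive and negative authorizations, derivation, conflict resolution, and a decision strategy) can be made concrete with a small evaluator. This is an added illustration, not the paper's specification language or code; the users, groups, objects, and the names `Auth`, `derive`, `decide`, `check` and `POLICY` are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Auth:
    subject: str   # user or group name
    obj: str
    action: str
    sign: str      # "+" is a positive authorization, "-" a negative one

# Constructed sample data: group membership and explicit authorizations.
MEMBER_OF = {"alice": {"staff"}, "bob": {"staff", "contractors"}, "carol": set()}
AUTHS = [
    Auth("staff", "payroll.db", "read", "+"),
    Auth("contractors", "payroll.db", "read", "-"),
    Auth("alice", "audit.log", "read", "-"),
]

def ancestors(subject):
    """Subject plus every group it belongs to, directly or transitively."""
    seen, stack = set(), [subject]
    while stack:
        s = stack.pop()
        if s not in seen:
            seen.add(s)
            stack.extend(MEMBER_OF.get(s, ()))
    return seen

def derive(user, obj, action):
    """Derivation: signs that reach the user explicitly or through groups."""
    subjects = ancestors(user)
    return {a.sign for a in AUTHS
            if a.subject in subjects and a.obj == obj and a.action == action}

def decide(user, obj, action, conflict="denials", default="closed"):
    """Return True to allow. conflict: 'denials' or 'permissions' win a clash;
    default: 'closed' denies and 'open' allows when no authorization applies."""
    signs = derive(user, obj, action)
    if not signs:
        return default == "open"
    if signs == {"+", "-"}:
        return conflict == "permissions"
    return signs == {"+"}

# Per-object strategy selection, so different policies coexist in one evaluator.
POLICY = {"payroll.db": ("denials", "closed"), "wiki": ("denials", "open")}

def check(user, obj, action):
    conflict, default = POLICY.get(obj, ("denials", "closed"))
    return decide(user, obj, action, conflict, default)
```

Changing only the `POLICY` entry for an object switches its conflict-resolution and default-decision behaviour without touching the stored authorizations.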
As a publication in ACM Transactions on Database Systems, this research is focused on access control and security within database systems, aligning well with the journal's scope. The paper's proposal of a unified framework for enforcing multiple access control policies directly addresses the journal’s focus on data management and security. The framework's flexibility and applicability to real-world scenarios make it relevant to the journal's readership of database researchers and practitioners.