Analysis of the conditions for granting and obtaining access rights in the MS SQL Server access control model

V. Y. Slolyaninov

Geodesic

Parcourir par

Analysis of the conditions for granting and obtaining access rights in the MS SQL Server access control model

V. Y. Slolyaninov

Prikladnaâ diskretnaâ matematika, no. 2 (2014), pp. 48-78.

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

In this paper, the MS SQL Server access control model, based on the DBMS DP-model, is introduced. For taking into account the access control features of Microsoft SQL Server, the model includes roles, permissions to user accounts and roles, ownership chaining, user impersonation and activating procedures and triggers on behalf of the specified user accounts. The statement of the equivalence of the possibilities to execute arbitrary SQL-code on behalf of a specified account and to obtain the right of its impersonation is proved. Some necessary and sufficient conditions for obtaining and granting access rights by entities in the absence of cooperation between sessions are proved.

Keywords: computer security, MS SQL Server access control model, database management system.

@article{PDM_2014_2_a4,
     author = {V. Y. Slolyaninov},
     title = {Analysis of the conditions for granting and obtaining access rights in the {MS} {SQL} {Server} access control model},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {48--78},
     publisher = {mathdoc},
     number = {2},
     year = {2014},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDM_2014_2_a4/}
}

TY  - JOUR
AU  - V. Y. Slolyaninov
TI  - Analysis of the conditions for granting and obtaining access rights in the MS SQL Server access control model
JO  - Prikladnaâ diskretnaâ matematika
PY  - 2014
SP  - 48
EP  - 78
IS  - 2
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDM_2014_2_a4/
LA  - ru
ID  - PDM_2014_2_a4
ER  -

%0 Journal Article
%A V. Y. Slolyaninov
%T Analysis of the conditions for granting and obtaining access rights in the MS SQL Server access control model
%J Prikladnaâ diskretnaâ matematika
%D 2014
%P 48-78
%N 2
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDM_2014_2_a4/
%G ru
%F PDM_2014_2_a4

V. Y. Slolyaninov. Analysis of the conditions for granting and obtaining access rights in the MS SQL Server access control model. Prikladnaâ diskretnaâ matematika, no. 2 (2014), pp. 48-78. http://geodesic.mathdoc.fr/item/PDM_2014_2_a4/

Bibliographie
Cité par

[1] Devyanin P. N., “Rolevaya DP-model upravleniya dostupom i informatsionnymi potokami v operatsionnykh sistemakh semeistva Linux”, Prikladnaya diskretnaya matematika, 2012, no. 1(15), 69–90

[2] Kolegov D. N., Diskretsionnaya model bezopasnosti upravleniya dostupom i informatsionnymi potokami v kompyuternykh sistemakh s funktsionalno ili parametricheski assotsiirovannymi suschnostyami, Dis. $\dots$ kand. tekhn. nauk, Tomsk, 2009

[3] Smolyaninov V. Yu., “Pravila preobrazovaniya sostoyanii SUBD DP-modeli”, Prikladnaya diskretnaya matematika, 2013, no. 1(18), 50–68

[4] Bruchez R., Microsoft SQL Server 2012 Security Cookbook, Pact Publishing, 2012, 307 pp.