This paper presents a novel criterion-based access control approach to multilevel database security. In this approach, authorization rules are transformed into security criteria, security criterion expressions, and security criterion subsets. Security criterion expressions are associated with (sub)objects to serve as locks, and security criteria are associated with users to serve as keys. Fine-grained multilevel access control is achieved by using the available security criteria (keys) to evaluate the security criterion expressions (locks). Whether a (sub)object such as a cell, a row, a column, or a table is accessible to a user depends on the evaluation values of the relevant security criterion expressions.
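The lock-and-key evaluation described above can be sketched as follows; this is an added example, not code from the paper. The tuple-based expression syntax, the `not` operator, the rule that a cell is readable only when every enclosing lock (table, row, column, cell) evaluates true, and all names and sample data are assumptions made for illustration.

```python
# Added illustration: expression syntax and the lock-combination rule are assumptions.

def evaluate(expr, keys):
    """Evaluate a security criterion expression (lock) against a user's criteria (keys)."""
    if expr is None:            # no lock attached: unrestricted
        return True
    if isinstance(expr, str):   # a single security criterion
        return expr in keys
    op, *args = expr
    if op == "and":
        return all(evaluate(a, keys) for a in args)
    if op == "or":
        return any(evaluate(a, keys) for a in args)
    if op == "not":
        return not evaluate(args[0], keys)
    raise ValueError(f"unknown operator: {op!r}")  # fail closed on malformed locks

# Constructed sample data: locks attached at table, column, row and cell level.
TABLE_LOCK = "staff"
COLUMN_LOCKS = {"name": None, "dept": None, "salary": ("or", "hr", "manager")}
ROWS = [
    {"lock": None,
     "cells": {"name": "Ann", "dept": "R&D", "salary": 90},
     "cell_locks": {}},
    {"lock": ("and", "manager", ("not", "contractor")),
     "cells": {"name": "Bob", "dept": "Exec", "salary": 200},
     "cell_locks": {"salary": "hr"}},
]

def view(keys):
    """Return the rows visible to a user holding `keys`; locked cells become None."""
    keys = frozenset(keys)
    if not evaluate(TABLE_LOCK, keys):
        return []
    out = []
    for row in ROWS:
        if not evaluate(row["lock"], keys):
            continue  # whole row is hidden
        visible = {}
        for col, value in row["cells"].items():
            ok = (evaluate(COLUMN_LOCKS[col], keys)
                  and evaluate(row["cell_locks"].get(col), keys))
            visible[col] = value if ok else None
        out.append(visible)
    return out
```
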