Abstract
In a computing environment where access to system resources is controlled by an access control policy and execution of database transactions is dictated by database locking policy, interaction between the two policies can result in constraints restricting execution of transactions. We present a methodology for the verification of database transaction requirements in a Role Based Access Control (RBAC) environment. Specifically, we propose a step by step approach for the extraction of implicit requirements of a database transaction, and present a mechanism whereby these requirements can be verified against an RBAC policy representation. Based on the requirements of database transaction, we define feasible states of the access control policy which allow the transaction to be executed. We also illustrate the interaction of multiple database transactions executing in a single security environment. Finally, we define conditions in an access control policy, which allow the execution of a database transaction without relying on the underlying database locking policy for serializability and deadlock avoidance.
