Secure, Dynamic and Distributed Access Control Stack for Database Applications
نویسندگان
چکیده
In database applications, access control security layers are mostly developed from tools provided by vendors of database management systems and deployed in the same servers containing the data to be protected. This solution conveys several drawbacks. Among them we emphasize: 1) if policies are complex, their enforcement can lead to performance decay of database servers; 2) when modifications in the established policies implies modifications in the business logic (usually deployed at the client-side), there is no other possibility than modify the business logic in advance and, finally, 3) malicious users can issue CRUD expressions systematically against the DBMS expecting to identify any security gap. In order to overcome these drawbacks, in this paper we propose an access control stack characterized by: most of the mechanisms are deployed at the client-side; whenever security policies evolve, the security mechanisms are automatically updated at runtime and, finally, client-side applications do not handle CRUD expressions directly. We also present an implementation of the proposed stack to prove its feasibility. This paper presents a new approach to enforce access control in database applications, this way expecting to contribute positively to the state of the art in the
منابع مشابه
Access control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کاملA Secure Real-Time Concurrency Control Protocol for Mobile Distributed Real-Time Databases
A class of security-critical applications with the requirements of timing constraints, such as wireless stock trading, power network scheduling, real-time traffic information management, etc., demand the support of mobile distributed real-time database systems. For the class of applications, mobile distributed realtime database systems must simultaneously satisfy two requirements in guaranteein...
متن کاملSeparating indexes from data: a distributed scheme for secure database outsourcing
Database outsourcing is an idea to eliminate the burden of database management from organizations. Since data is a critical asset of organizations, preserving its privacy from outside adversary and untrusted server should be warranted. In this paper, we present a distributed scheme based on storing shares of data on different servers and separating indexes from data on a distinct server. Shamir...
متن کاملAuthorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
متن کاملFuzzy Control of Fuel Cell Distributed Generation Systems
The operation of Fuel Cell Distributed Generation (FCDG) systems in distribution systems is introduced by modeling, controller design, and simulation study of a Solid Oxide Fuel Cell (SOFC) distributed generation (DG) system. The physical model of the fuel cell stack and dynamic models of power conditioning units are described. Then, suitable control architecture based on fuzzy logic contro...
متن کامل