Security models developed for databases differ in many
aspects, either because they focus on different features of the
database security problem or because they make different
assumptions about what constitutes a secure database. This
leads to a disjointed and incomplete understanding of the
organizational security strategy and makes it difficult to
reconcile different security requirements. Access control
mechanisms of current relational database management
systems are based on discretionary policies governing the
accesses of a subject to data based on the subject's identity
and authorization rules.