ARTICLE
TITLE

A Model-driven Role-based Access Control for SQL Databases

Raimundas Matulevicius    
Henri Lakk    

Abstract

Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remain a human-intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering approach makes it difficult for security requirements to be accurately captured and for the system's implementation to be kept aligned with these requirements as the system evolves. In this paper we propose a model-driven approach to manage SQL database access under the RBAC paradigm. The starting point of the approach is an RBAC model captured in SecureUML. This model is automatically translated to Oracle Database views and instead-of triggers code, which implements the security constraints. The approach has been fully instrumented as a prototype and its effectiveness has been validated by means of a case study.
