By Topic

A flexible database security system using multiple access control policies

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Min-A Jeong ; Res. Inst. of Electron. & Telecommun. Technol., Chonnam Nat. Univ., Kwangju, South Korea ; Jung-Ja Kim ; Yonggwan Won

Due to various requirements for user access control to large databases in hospitals and banks, database security has been emphasized. There are many security models for database systems using a wide variety of policy-based access control methods. However, they are not functional enough to meet the requirements for the complicated and various types of access control. We propose a database security system that can individually control user access to data groups of various sizes and is suitable for the situation where a user's access privilege to arbitrary data is changed frequently. Data group(s) in different sizes d is defined by the table name(s), attribute(s) and/or record key(s), and the access privilege is defined by security levels, roles and polices. The proposed system operates in two phases. The first phase is composed of a modified MAC (mandatory access control) model and RBAC (role-based access control) model. A user can access any data that has lower or equal security levels, and that is accessible by the roles to which the user is assigned. All types of access mode are controlled in this phase. In the second phase, a modified DAC (discretionary access control) model is applied to recontrol the 'read' mode by filtering out the nonaccessible data from the result obtained at the first phase. For this purpose, we also defined the user group s that can be characterized by security levels, roles or any partition of users. The policies represented in the form of Block(s,d,r) were also defined and used to control access to any data or data group(s) that is not permitted in 'read' mode. With this proposed security system, more complicated 'read' access to various data sizes for individual users can be flexibly controlled, while other access mode can be controlled as usual. An implementation example for a database system that manages specimen and clinical information is presented.

Published in:

Parallel and Distributed Computing, Applications and Technologies, 2003. PDCAT'2003. Proceedings of the Fourth International Conference on

Date of Conference:

27-29 Aug. 2003