Monitoring Database Access Constraints with an RBAC Metamodel: A Feasibility Study
Authors
Abstract
Role-based access control (RBAC) is widely used in organizations for access management. While basic RBAC concepts are present in modern systems, such as operating systems or database management systems, more advanced concepts like history-based separation of duty are not. In this work, we present an approach that validates advanced organizational RBAC policies using a model-based approach against the technical realization applied within a database. This allows a security officer to examine the correct implementation – possibly across multiple applications – of more powerful policies on the database level. We achieve this by monitoring the current state of a database in a UML/OCL validation tool. We assess the applicability of the approach by a non-trivial feasibility study.
Similar resources
Modelling context-aware RBAC models for mobile business processes
In a mobile computing environment, distributed business processes are executed in varying contexts. Context-aware access control mechanisms help to protect sensitive data and services in mobile application scenarios. Context constraints are a means to consider context information in access control decisions. In this paper, we integrate context constraints with process-related role-based access ...
A Model-driven Role-based Access Control for SQL Databases
Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the...
Rewrite Specifications of Access Control Policies in Distributed Environments
We define a metamodel for access control that takes into account the requirements of distributed environments, where resources and access control policies may be distributed across several sites. This distributed metamodel is an extension of the category-based metamodel proposed in previous work (from which standard centralised access control models such as MAC, DAC, RBAC, Bell-LaPadula, etc. c...
Modeling and Inferring on Role-Based Access Control Policies Using Data Dependencies
Role-Based Access Control (RBAC) models are becoming a de facto standard, greatly simplifying management and administration tasks. Organizational constraints were introduced (e.g.: mutually exclusive roles, cardinality, prerequisite roles) to reflect peculiarities of organizations. Thus, the number of rules is increasing and policies are becoming more and more complex: understanding and analyzi...
Protecting federated databases using a practical implementation of a formal RBAC policy - Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conferen
This paper describes the use of formally specified RBAC policies for protecting federated relational database systems that are accessed over a wide area network. The method that is described combines a formally specified RBAC policy with both temporal and locational constraints. It does not depend on any security mechanism supported by a specific DBMS and is thus portable across platforms.