Title :
RBAC+: Dynamic Access Control for RBAC-Administered Web-Based Databases
Author :
Bouchahda, Ahlem ; Nhan Le Thanh ; Bouhoula, Adel ; Labbene, Faten
Author_Institution :
I3S Lab., Nice-Sophia Antipolis Univ., Nice, France
Abstract :
In clear contrast with the phenomenal growth of Web database applications, access control issues related to data stored in the back-end databases have largely been neglected. Current approaches to access control on databases do not fit web databases because they are mostly based on individual user identities. In this paper, we propose RBAC+, a dynamic access control model to enforce fine-grained access control to web databases. It extends the Role-Based Access Control model standard with the notions of application, application profile and sub-application session. The proposed dynamic access control model enhances the ability to detect malicious transactions, the dominant cause that demolishes database systems, by tracking application users throughout a whole session. Hence, attacks caused by malicious transactions can be detected and canceled in a timely manner before they succeed.
Keywords :
Internet; authorisation; computer crime; database management systems; RBAC administered Web based database; RBAC+; Web database application; back end database; dynamic access control; fine grained access control; malicious transaction detection; role based access control model; tracking application; user identity; Argon; Authorization; Business; Databases; Registers; RBAC; application profile; database; security;
Conference_Title :
Emerging Security Information Systems and Technologies (SECURWARE), 2010 Fourth International Conference on
Conference_Location :
Venice
Print_ISBN :
978-1-4244-7517-9
Electronic_ISBN :
978-0-7695-4095-5
DOI :
10.1109/SECURWARE.2010.30