• DocumentCode
    36190
  • Title

    Enforcement of Purpose Based Access Control within Relational Database Management Systems

  • Author

    Colombo, Pietro ; Ferrari, Elena

  • Author_Institution
    Dipt. di Sci. Teoriche e Applicate, Univ. degli Studi dell´Insubria, Varese, Italy
  • Volume
    26
  • Issue
    11
  • fYear
    2014
  • fDate
    Nov. 2014
  • Firstpage
    2703
  • Lastpage
    2716
  • Abstract
    Privacy is becoming a key requirement for ICT applications that handle personal data. However, Database Management Systems (DBMSs), which are devoted to data collection and processing by definition, still do not provide the proper support for privacy policies. Policies are enforced by ad-hoc programmed software modules that complement DBMS access control services. This practice is time consuming, error prone, and neither general nor scalable. This work does a first step to overcome these limits. We propose a systematic approach to the automatic development of a monitor that regulates the execution of SQL queries based on purpose based privacy policies. The proposed solution does not require programming, it is general, platform independent and usable with most of the existing relational DBMSs.
  • Keywords
    SQL; authorisation; relational databases; DBMS access control services; SQL queries; privacy policies; purpose based access control; relational database management systems; systematic approach; Access control; Analytical models; Data privacy; Databases; Monitoring; Privacy; Unified modeling language; Privacy policies; aspect oriented programming; enforcement; model driven engineering; monitor; relational database management systems;
  • fLanguage
    English
  • Journal_Title
    Knowledge and Data Engineering, IEEE Transactions on
  • Publisher
    ieee
  • ISSN
    1041-4347
  • Type

    jour

  • DOI
    10.1109/TKDE.2014.2312112
  • Filename
    6767117
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=36190