Title :
Enforcement of Purpose Based Access Control within Relational Database Management Systems
Author :
Colombo, Pietro ; Ferrari, Elena
Author_Institution :
Dipt. di Sci. Teoriche e Applicate, Univ. degli Studi dell´Insubria, Varese, Italy
Abstract :
Privacy is becoming a key requirement for ICT applications that handle personal data. However, Database Management Systems (DBMSs), which are devoted to data collection and processing by definition, still do not provide the proper support for privacy policies. Policies are enforced by ad-hoc programmed software modules that complement DBMS access control services. This practice is time consuming, error prone, and neither general nor scalable. This work does a first step to overcome these limits. We propose a systematic approach to the automatic development of a monitor that regulates the execution of SQL queries based on purpose based privacy policies. The proposed solution does not require programming, it is general, platform independent and usable with most of the existing relational DBMSs.
Keywords :
SQL; authorisation; relational databases; DBMS access control services; SQL queries; privacy policies; purpose based access control; relational database management systems; systematic approach; Access control; Analytical models; Data privacy; Databases; Monitoring; Privacy; Unified modeling language; Privacy policies; aspect oriented programming; enforcement; model driven engineering; monitor; relational database management systems;
Journal_Title :
Knowledge and Data Engineering, IEEE Transactions on
DOI :
10.1109/TKDE.2014.2312112
