Advanced Analysis of the Integrity of Access Control Policies: the Specific Case of Databases

Advanced Analysis of the Integrity of Access Control Policies: the Specific Case of Databases

 Faouzi Jaidi, Faten Ayachi, and Adel Bouhoula

Digital Security Research Lab, Higher School of Communication of Tunis, University of Carthage, Tunisia

Abstract: Databases are considered as one of the most compromised assets according to 2014-2016 Verizon Data Breach Reports. The reason is that databases are at the heart of Information Systems (IS) and store confidential business or private records. Ensuring the integrity of sensitive records is highly required and even vital in critical systems (e-health, clouds, e-government, big data, e-commerce, etc.,). The access control is a key mechanism for ensuring the integrity and preserving the privacy in large scale and critical infrastructures. Nonetheless, excessive, unused and abused access privileges are identified as most critical threats in the top ten database security threats according to 2013-2015 Imperva Application Defense Center reports. To address this issue, we focus in this paper on the analysis of the integrity of access control policies within relational databases. We propose a rigorous and complete solution to help security architects verifying the correspondence between the security planning and its concrete implementation. We define a formal framework for detecting non-compliance anomalies in concrete Role Based Access Control (RBAC) policies. We rely on an example to illustrate the relevance of our contribution.

Keywords: Access Control, Databases Security, Formal Validation, Integrity Analysis, Conformity Verification.

Received November 11, 2016; accepted July 7, 2019

https://doi.org/10.34028/iajit/17/5/14
Read 2864 times Last modified on Wednesday, 26 August 2020 05:06
Share
Top
We use cookies to improve our website. By continuing to use this website, you are giving consent to cookies being used. More details…