Advanced Analysis of the Integrity of Access Control Policies: the Specific Case of Databases

IAJIT
Archive
- Volume 20, 2023
  
  January 2023, No.1
  
  March 2023, No.2
- Volume 19, 2022
  
  January 2022, No.1
  
  March 2022, No.2
  
  May 2022, No. 3
  
  Special Issue 2022, No. 3A
  
  July 2022, No. 4
  
  September 2022, No. 5
  
  November 2022, No. 6
- Volume 18, 2021
  
  January 2021, No.1
  
  March 2021, No.2
  
  May 2021, No. 3
  
  Special Issue 2021, No. 3A
  
  July 2021, No. 4
  
  September 2021, No. 5
  
  November 2021, No. 6
- Volume 17, 2020
  
  January 2020, No.1
  
  March 2020, No. 2
  
  May 2020, No. 3
  
  July 2020, No. 4
  
  Special Issue 2020, No. 4A
  
  September 2020, No. 5
  
  November 2020, No. 6
- Volume 16, 2019
  
  January 2019, No.1
  
  March 2019, No. 2
  
  May 2019, No. 3
  
  Special Issue 2019, No. 3A
  
  July 2019, No. 4
  
  September 2019, No. 5
  
  November 2019, No. 6
- Volume 15, 2018
  
  January 2018, No.1
  
  March 2018, No. 2
  
  May 2018, No. 3
  
  Special Issue 2018, No. 3A
  
  July 2018, No. 4
  
  September 2018, No. 5
  
  November 2018, No. 6
- Volume 14, 2017
  
  January 2017, No.1
  
  March 2017, No. 2
  
  May 2017, No. 3
  
  July 2017, No. 4
  
  pecial Issue 2017, No. 4A
  
  September 2017, No 5
  
  November 2017, No. 6
- Volume 13, 2016
  
  January 2016. No.1
  
  March 2016, No. 2
  
  May 2016, No. 3
  
  July 2016, No.4
  
  September 2016, No.5
  
  November 2016, No.6
- Volume 12, 2015
  
  January 2015. No.1
  
  March 2015. No.2
  
  May 2015. No.3
  
  July 2015. No.4
  
  September 2015. No. 5
  
  November 2015. No. 6
  
  December 2015. No. 6A
- Volume 11, 2014
  
  January 2014, No.1
  
  March 2014, No.2
  
  May 2014, No.3
  
  July 2014, No.4
  
  November 2014, No.6
- Volume 10, 2013
  
  January 2013, No. 1
  
  March 2013, No.2
  
  May 2013, No. 3
  
  July 2013, No. 4
  
  November 2013, No. 6
- Volume 9, 2012
  
  January 2012, No. 1
  
  March 2012, No. 2
  
  May 2012, No. 3
  
  July 2012, No. 4
  
  September 2012, No. 5
  
  November 2012, No. 6
- Volume 8, 2011
  
  January 2011, No 1
  
  April 2011, No. 2
  
  July 2011, No. 3
  
  October 2011, No.4
- Volume 7, 2010
  
  October 2010, No. 4
  
  July 2010, No. 3
  
  April 2010, No. 2
  
  January 2010, No. 1
- Volume 6, 2009
  
  January 2009, No. 1
  
  April 2009, No. 2
  
  July 2009, No. 3
  
  October 2009, No. 4
  
  November 2009, No. 5
- Volume 5, 2008
  
  January 2008, No. 1
  
  April 2008, No.2
  
  July 2008, No. 3
  
  October 2008, No. 4
- Volume 4, 2007
  
  January 2007, No. 1
  
  April 2007, No. 2
  
  July 2007, No.3
  
  October 2007, No. 4
- Volume 3, 2006
  
  January 2006, No. 1
  
  April 2006, No. 2
  
  July 2006, No. 3
  
  October 2006, No. 4
- Volume 2, 2005
  
  January 2005, No. 1
  
  April 2005, No. 2
  
  July 2005, No. 3
  
  October 2005, No. 4
- Volume 1, 2003-2004
  
  July 2004, No. 2
  
  January 2004, No. 1
  
  July 2003, No. 0
About IAJIT
About CCIS
IAJIT Impact Factor

Advanced Analysis of the Integrity of Access Control Policies: the Specific Case of Databases

Written by Super User
Update: 26/08/2020

font size decrease font size increase font size
Print
Email
Rate this item
- 1
- 2
- 3
- 4
- 5
(0 votes)

Advanced Analysis of the Integrity of Access Control Policies: the Specific Case of Databases

Faouzi Jaidi, Faten Ayachi, and Adel Bouhoula

Digital Security Research Lab, Higher School of Communication of Tunis, University of Carthage, Tunisia

Abstract: Databases are considered as one of the most compromised assets according to 2014-2016 Verizon Data Breach Reports. The reason is that databases are at the heart of Information Systems (IS) and store confidential business or private records. Ensuring the integrity of sensitive records is highly required and even vital in critical systems (e-health, clouds, e-government, big data, e-commerce, etc.,). The access control is a key mechanism for ensuring the integrity and preserving the privacy in large scale and critical infrastructures. Nonetheless, excessive, unused and abused access privileges are identified as most critical threats in the top ten database security threats according to 2013-2015 Imperva Application Defense Center reports. To address this issue, we focus in this paper on the analysis of the integrity of access control policies within relational databases. We propose a rigorous and complete solution to help security architects verifying the correspondence between the security planning and its concrete implementation. We define a formal framework for detecting non-compliance anomalies in concrete Role Based Access Control (RBAC) policies. We rely on an example to illustrate the relevance of our contribution.

Keywords: Access Control, Databases Security, Formal Validation, Integrity Analysis, Conformity Verification.

Received November 11, 2016; accepted July 7, 2019

https://doi.org/10.34028/iajit/17/5/14

Full Text

Read 2958 times Last modified on Wednesday, 26 August 2020 05:06

Published in September 2020, No. 5 ( September 2020, No. 5 )

Share

Super User

Latest from Super User

More in this category: « The Performance of Penalty Methods on Tree-Seed Algorithm for Numerical Constrained Optimization Pro A Sparse Topic Model for Bursty Topic Discovery in Social Networks »