Acceso al sitio web del Consejo de Políticas de Infraestructura

   
Redirigiendo al acceso original de articulo en 20 segundos...
ARTÍCULO
TITULO

A Model-driven Role-based Access Control for SQL Databases

Raimundas Matulevicius    
Henri Lakk    

Resumen

Nowadays security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remains a human intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering approach makes it difficult for security requirements to be accurately captured and for the system?s implementation to be kept aligned with these requirements as the system evolves. In this paper we propose a model-driven approach to manage SQL database access under the RBAC paradigm. The starting point of the approach is an RBAC model captured in SecureUML. This model is automatically translated to Oracle Database views and instead-of triggers code, which implements the security constraints. The approach has been fully instrumented as a prototype and its effectiveness has been validated by means of a case study.

PÁGINAS
pp. 35 - 62

 Artículos similares

       
 
Carlos Blanco, Antonio Santos-Olmo and Luis Enrique Sánchez    
As the Internet of Things (IoT) becomes more integral across diverse sectors, including healthcare, energy provision and industrial automation, the exposure to cyber vulnerabilities and potential attacks increases accordingly. Facing these challenges, th... ver más
Revista: Information

 
Md Momin Al Aziz, Md Toufique Morshed Tamal and Noman Mohammed    
Fully homomorphic encryption (FHE) cryptographic systems enable limitless computations over encrypted data, providing solutions to many of today?s data security problems. While effective FHE platforms can address modern data security concerns in unsecure... ver más
Revista: Information

 
Shweta More, Moad Idrissi, Haitham Mahmoud and A. Taufiq Asyhari    
The rapid proliferation of new technologies such as Internet of Things (IoT), cloud computing, virtualization, and smart devices has led to a massive annual production of over 400 zettabytes of network traffic data. As a result, it is crucial for compani... ver más
Revista: Algorithms

 
Gursu Gurer, Yaser Dalveren, Ali Kara and Mohammad Derawi    
The automatic dependent surveillance broadcast (ADS-B) system is one of the key components of the next generation air transportation system (NextGen). ADS-B messages are transmitted in unencrypted plain text. This, however, causes significant security vu... ver más
Revista: Aerospace

 
Aurelia Scarano, Teodoro Semeraro, Antonio Calisi, Roberta Aretano, Caterina Rotolo, Marcello S. Lenucci, Angelo Santino, Gabriella Piro and Monica De Caroli    
This study explores the potential application of tomato fruit production within the agrivoltaic system, aiming to evaluate its contribution to food security in the context of climate change. Specifically, the study compares tomato cultivation under agriv... ver más
Revista: Applied Sciences