![]() | Only 14 pages are availabe for public view |
Abstract Databases are basis of E-commerce, and Enterprise Resource Planning (ERP) and other applications using sensitive data. There are many threats that bluster these databases such as violation of confidentiality, violation of integrity and denial of service .So providing security for database is an important requirement for organizations running the database. Database security techniques depends on detection and preventing of these violations. There are many countermeasures to ensure security in the database such as access control, flow control, inference control, authentication and encryption. Each countermeasure provide a set of mechanisms and models to provide security to databases against a predefined threats. Access control models are important requirement to ensure confidentiality in relational database systems. Many models have been proposed for controlling access to database objects such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role Based Access Control (RBAC) and query modification model. Each of these models have many limitations which may result in many problems to the database related to the performance and size of the database or to keeping the database confidentiality. In this thesis, a model that control access to database is proposed which is based on query modification and role based access control. While RBAC is used to specify the security policy, the query modification modifies the user queries according to the roles granted to him. The RBAC schema is used to store the privacy Meta Data instead of associating a disclosure table with each table in the database which reduces the database size and therefore reduces the query execution times. Also it reduces the administration and maintenance overhead of the user policy specially in the case of changing the application Requirements. In addition, it is independent on the back end database used and includes Insert, Update, and Delete statements in the modification. A set of experiments have been conducted on a sample database. The obtained results show that the proposed model reduced the execution time as a result of reducing the database size compared to the query modification of Hippocratic database that associate a disclosure table with each table in the database to store the privacy meta data. |