TRDBAC: Temporal reflective database access control

by Kyaw T
Database systems are one of the core components of any organization. As an organization grows, the complexity of its databases and the volume of data in them also grow rapidly. Besides other database security features, the access control mechanism should be flexible enough to implement different types of access control policies periodically. Furthermore, it is also important to maintain consistency in the access control mechanism of the database system.

Database access control policies can become extremely complex in large databases such as hospital medical systems, banks, and the enterprise resource planning systems of large enterprises. This complexity may result in security breaches if the policies are ambiguous, not well defined, or implemented incorrectly; for example, in the HSBC database security breach reported in 2006, an ex-employee swiped away almost 24,000 customers' accounts due to incorrect access policies.

Access control policies define the rights and privileges of users on database objects. To keep these database systems secure, database security should provide controlled, protected access to the contents of a database as well as preserve the integrity, consistency, and overall quality of the data. To implement consistent database access control policies, the database security community has developed a number of models, such as the discretionary (DAC) and mandatory (MAC) access control models, the role-based access control model (RBAC), and reflective database access control (RDBAC). RDBAC is a relatively new and more expressive access control model that provides finer-grained control than the previous models. Moreover, a database privilege is expressed as a database query itself, rather than as a static privilege contained in an access control matrix.

In this paper, we propose Temporal Reflective Database Access Control (TRDBAC), a new access control policy designed to address a limitation of RDBAC: the inability to express time constraints, just as TRBAC extends RBAC to incorporate the notion of time.
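To make the idea concrete, here is an added illustration (not the paper's notation or implementation) of a privilege written as a query over current database state with a time window attached. The hospital schema, the shift-based policy and all rows are constructed assumptions.

```python
import sqlite3
from datetime import datetime

def build_db():
    """Constructed sample data: a tiny hospital schema (hypothetical names)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE patients(id INTEGER PRIMARY KEY, name TEXT, diagnosis TEXT);
        CREATE TABLE assignments(doctor TEXT, patient_id INTEGER);
        -- A shift is the temporal constraint: access is valid only inside it.
        CREATE TABLE shifts(doctor TEXT, starts TEXT, ends TEXT);
        INSERT INTO patients VALUES (1,'Ann','asthma'),(2,'Bob','diabetes');
        INSERT INTO assignments VALUES ('dr_lee',1),('dr_kim',2);
        INSERT INTO shifts VALUES
            ('dr_lee','2024-03-01T08:00:00','2024-03-01T16:00:00'),
            ('dr_kim','2024-03-01T16:00:00','2024-03-02T00:00:00');
    """)
    return db

# The privilege is itself a query over current database state (reflective)
# with a time predicate (temporal). No static user/object matrix is consulted.
POLICY = """
    SELECT p.id, p.name, p.diagnosis
    FROM patients p
    JOIN assignments a ON a.patient_id = p.id AND a.doctor = :user
    WHERE EXISTS (SELECT 1 FROM shifts s
                  WHERE s.doctor = :user
                    AND s.starts <= :now AND :now < s.ends)
"""

def visible_patients(db, user: str, now: datetime):
    """Return the patient rows `user` may read at instant `now`."""
    # Fixed-width ISO 8601 strings compare correctly as plain text.
    params = {"user": user, "now": now.isoformat(timespec="seconds")}
    return db.execute(POLICY, params).fetchall()

def reassign(db, patient_id: int, doctor: str):
    """Changing data changes privileges; no GRANT/REVOKE step is involved."""
    db.execute("UPDATE assignments SET doctor = ? WHERE patient_id = ?",
               (doctor, patient_id))

if __name__ == "__main__":
    db = build_db()
    print(visible_patients(db, "dr_lee", datetime(2024, 3, 1, 9, 0)))
    print(visible_patients(db, "dr_lee", datetime(2024, 3, 1, 17, 0)))
```

The same user and the same rows give different answers at different instants, and moving a patient to another doctor changes who can read the record without touching any privilege table.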

 

Reaction

The access control mechanism enables controlled access to subjects on objects in database systems. It is nice to have more security because database systems face many threats, such as internal threats (threats from inside an organization) and external threats (threats from outside the organization). These threats then lead to different security breaches such as unauthorized data observation, incorrect data modification, and data unavailability. For example, many organizations in varying domains, such as healthcare and banking systems, suffer significant losses in terms of both finances and resources as a consequence of unauthorized data observation. This is the result of having insecure database systems and policies. Having a secure database system can help companies and organizations a lot, but at the same time, a bad or insecure database system can damage companies and organizations too. So, having a secure database system is important.

 

Rashi, Z., Basit, A., & Anwar, Z. ( 201). TRDBAC: Temporal reflective database access control. Emerging Technologies (ICET), 2010 6th International Conference on, 337–342. doi: 10.1109/ICET.2010.5638465