Access Control for Databases: Concepts and Systems

TL;DR

This monograph reviews comprehensive access control models and systems for databases, emphasizing content-based, context-aware, and mandatory controls, including cryptographic approaches, with case studies on advanced features like fine-grained and insider threat protections, and discusses ongoing challenges in the field.

Abstract

As organizations depend on, possibly distributed, information systems for operational, decisional and strategic activities, they are vulnerable to security breaches leading to data theft and unauthorized disclosures even as they gain productivity and efficiency advantages. Though several techniques, such as encryption and digital signatures, are available to protect data when transmitted across sites, a truly comprehensive approach for data protection must include mechanisms for enforcing access control policies based on data contents, subject qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the semantics of data must be taken into account in order to specify effective access control policies. To address such requirements, over the years the database security research community has developed a number of access control techniques and mechanisms that are specific to database systems. In this monograph, we present a comprehensive state of the art about models, systems and approaches proposed for specifying and enforcing access control policies in database management systems. In addition to surveying the foundational work in the area of access control for database systems, we present extensive case studies covering advanced features of current database management systems, such as the support for fine-grained and context-based access control, the support for mandatory access control, and approaches for protecting the data from insider threats. The monograph also covers novel approaches, based on cryptographic techniques, to enforce access control and surveys access control models for object-databases and XML data. For the reader not familiar with basic notions concerning access control and cryptography, we include a tutorial presentation on these notions. Finally, the monograph concludes with a discussion on current challenges for database access control and security, and preliminary approaches addressing some of these challenges.
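The abstract's central point is that a database policy has to look at three things at once: the content of the row (its classification), the qualifications of the subject (department, clearance, role) and the context of the request (here, time of day). The following is an added example, not code from the monograph or from any DBMS it surveys; it shows the query-rewriting style of fine-grained enforcement (a policy predicate appended to every query, as virtual-private-database products do) on an in-memory SQLite table. The schema, rows, attribute names (`dept`, `clearance`, `role`), the business-hours rule and the fixed demo date are all constructed for the example.

```python
import sqlite3
from dataclasses import dataclass
from datetime import datetime

# Constructed sample schema and rows for the example (not from the monograph).
SCHEMA = """
CREATE TABLE patient_record (
    id          INTEGER PRIMARY KEY,
    owner_dept  TEXT    NOT NULL,  -- department that owns the record
    sensitivity INTEGER NOT NULL,  -- 0 = routine ... 3 = highly sensitive
    content     TEXT    NOT NULL
);
"""
SAMPLE_ROWS = [
    (1, "cardiology", 1, "ECG within normal limits"),
    (2, "cardiology", 3, "Serology result: restricted"),
    (3, "oncology",   1, "Chemotherapy cycle 2 scheduled"),
    (4, "oncology",   2, "Biopsy result pending"),
]

BUSINESS_HOURS = range(8, 18)   # hypothetical context rule: 08:00-17:59 local time


@dataclass(frozen=True)
class Subject:
    """Subject qualifications consulted by the policy (attribute names are hypothetical)."""
    user: str
    dept: str
    clearance: int   # highest sensitivity level this subject may read
    role: str        # "clinician" or "auditor"


def policy_predicate(subject: Subject, now: datetime):
    """Build the row filter that is appended to every query for this subject.

    Returns (sql_fragment, params).  The fragment contains only fixed text
    written here; every subject-dependent value travels as a bound parameter,
    so the policy layer itself cannot become an injection point.
    """
    clauses = ["sensitivity <= ?"]          # content-based: classification vs clearance
    params = [subject.clearance]
    auditor_on_duty = subject.role == "auditor" and now.hour in BUSINESS_HOURS
    if not auditor_on_duty:
        # Ordinary subjects, and auditors outside business hours, see only their own department.
        clauses.append("owner_dept = ?")
        params.append(subject.dept)
    return " AND ".join(clauses), params


def read_records(conn: sqlite3.Connection, subject: Subject, now: datetime):
    """Query rewriting: the application's query is always combined with the
    policy predicate before execution, so no code path can bypass the filter."""
    where, params = policy_predicate(subject, now)
    sql = ("SELECT id, owner_dept, sensitivity, content FROM patient_record "
           f"WHERE {where} ORDER BY id")
    return conn.execute(sql, params).fetchall()


def open_sample_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO patient_record VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def clock(hour: int) -> datetime:
    """Constructed fixed demo date; only the hour matters to the policy."""
    return datetime(2024, 3, 4, hour, 0)


if __name__ == "__main__":
    db = open_sample_db()
    nurse = Subject("alice", "cardiology", clearance=1, role="clinician")
    auditor = Subject("bob", "compliance", clearance=3, role="auditor")
    print(read_records(db, nurse, clock(10)))    # only record 1
    print(read_records(db, auditor, clock(10)))  # all four records
    print(read_records(db, auditor, clock(22)))  # none: off hours, and compliance owns no rows
```

The check a practitioner wants is the negative one: the same auditor who sees every row at 10:00 sees nothing at 22:00, and a clinician never sees rows above their clearance regardless of time. Note that the time source must be the server's, not a client-supplied timestamp, or the context rule is trivially bypassed.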

Similar Papers
  • Research Article
  • Cited by: 397
  • 10.1109/tdsc.2005.9
Database security - concepts, approaches, and challenges
  • Jan 1, 2005
  • IEEE Transactions on Dependable and Secure Computing
  • E Bertino + 1 more

As organizations increase their reliance on, possibly distributed, information systems for daily business, they become more vulnerable to security breaches even as they gain productivity and efficiency advantages. Though a number of techniques, such as encryption and electronic signatures, are currently available to protect data when transmitted across sites, a truly comprehensive approach for data protection must also include mechanisms for enforcing access control policies based on data contents, subject qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the semantics of data must be taken into account in order to specify effective access control policies. Also, techniques for data integrity and availability specifically tailored to database systems must be adopted. In this respect, over the years, the database security community has developed a number of different techniques and approaches to assure data confidentiality, integrity, and availability. However, despite such advances, the database security area faces several new challenges. Factors such as the evolution of security concerns, the "disintermediation" of access to data, new computing paradigms and applications, such as grid-based computing and on-demand business, have introduced both new security requirements and new contexts in which to apply and possibly extend current approaches. In this paper, we first survey the most relevant concepts underlying the notion of database security and summarize the most well-known techniques. We focus on access control systems, on which a large body of research has been devoted, and describe the key access control models, namely, the discretionary and mandatory access control models, and the role-based access control (RBAC) model. We also discuss security for advanced data management systems, and cover topics such as access control for XML. We then discuss current challenges for database security and some preliminary approaches that address some of these challenges.

  • Conference Article
  • Cited by: 3
  • 10.1109/trustcom.2012.285
Trusted Administration of Large-Scale Cryptographic Role-Based Access Control Systems
  • Jun 1, 2012
  • Lan Zhou + 2 more

There has been an increasing trend towards outsourcing data to the cloud to cope with the massive increase in the amount of data. Hence trusted enforcement of access control policies on outsourced data in the cloud has become a significant issue. In this paper we address trusted administration and enforcement of role-based access control policies on data stored in the cloud. Role-based access control (RBAC) simplifies the management of access control policies by creating two mappings: roles to permissions and users to roles. Recently crypto-based RBAC (C-RBAC) schemes have been developed which combine cryptographic techniques and access control to secure data in an outsourced environment. In such schemes, data is encrypted before outsourcing it and the ciphertext data is stored in the untrusted cloud. This ciphertext can only be decrypted by those users who satisfy the role-based access control policies. However such schemes assume the existence of a trusted administrator managing all the users and roles in the system. Such an assumption is not realistic in large-scale systems as it is impractical for a single administrator to manage the entire system. Though administrative models for RBAC systems have been proposed to decentralize the administration tasks associated with the roles, these administrative models cannot be used in the C-RBAC schemes, as the administrative policies cannot be enforced in an untrusted distributed cloud environment. In this paper, we propose a trusted administrative model AdC-RBAC to manage and enforce role-based access policies for C-RBAC schemes in large-scale cloud systems. The AdC-RBAC model uses cryptographic techniques to ensure that the administrative tasks such as user, permission and role management are performed only by authorized administrative roles. Our proposed model uses role-based encryption techniques to ensure that only administrators who have the permissions to manage a role can add/revoke users to/from the role, and owners can verify that a role is created by qualified administrators before giving out their data. We show how the proposed model can be used in an untrusted cloud while guaranteeing its security using cryptographic and trusted access control enforcement techniques.

  • Conference Article
  • Cited by: 21
  • 10.1145/1377836.1377860
A meta model for access control
  • Jun 11, 2008
  • David Ferraiolo + 1 more

Security policy enforcement is instrumental in preventing the unauthorized disclosure of sensitive data, protecting the integrity of vital data, mitigating the likelihood of fraud, and ultimately enabling the secure sharing of information. In accessing a given resource, policy may dictate, for example, that a user has a need-to-know, is appropriately cleared, is competent, has not already performed a different operation on the same resource, the resource was previously accessed by a different user, is incapable of accessing other enterprise resources, or is capable of accessing an object or any copy of the object while performing a specific task. Currently, there exists a rich set of formal security models that can translate organizational policies. A small sample of well-documented policies includes flavors of Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), ORCON, Chinese wall, and History-Based Separation of Duty. Enterprise policies that are designed to protect resources are also ad hoc in nature. As a major component of any operating system or application, access control mechanisms come in a wide variety of forms, each with its individual method for authentication, access control data constructs for specifying and managing policy, and functions for making access control decisions and enforcing policies. Of the numerous recognized access control policies, today's OSs rigidly limit enforcement to a small subset of known policies. Policies are also routinely accommodated through the implementation of access control mechanisms within applications. Prominent among these applications are database management systems, but these applications can also include a number of smaller applications such as enterprise calendars, time and attendance, and workflow management. Essentially, any application that requires a user's authentication typically also affords an independent access control service. Not only do these applications further aggravate identity and privilege management problems, applications can also undermine policy enforcement objectives. For instance, although a file management system may narrowly restrict user access to a specific file, chances are the content of that file can be copied to an attachment or a message and mailed to anyone in the organization, or for that matter, the world. In consideration of these issues an important question is raised: does a Meta model exist that can serve as a unifying framework for specifying and comprehensively enforcing any access control policy? Some may argue that convergence towards a Meta model is already underway. For example, RBAC and XACML have been shown effective in their specification and enforcement of access control policies and have been applied in providing interoperable protection. Is RBAC fundamental to access control, and can it eventually be extended and tinkered with to accommodate any policy? RBAC has already been shown to be configurable to enforce both DAC and MLS. And, since RBAC was formally proposed in the early and mid 90's, a large number of extensions to the RBAC model have been proposed to accommodate a wide variety of policy issues and applications. The question here is: are these extensions getting closer to a Meta model, or are we making it up as we go along? At SACMAT 2005, NIST proposed an access control framework, referred to as the Policy Machine (PM), that has been shown to accommodate a wide variety of access control policies including DAC, MAC, and RBAC. Since that publication the PM has been refined and, to demonstrate its viability in specifying and enforcing a wide variety of attribute-based policies, NIST has developed a reference implementation. However, some have suggested that the basic relations of the PM are similar to those of RBAC and that its other policy-appeasing relations and functions could be applied in extending the RBAC model. In addressing the interoperability problem and the policy flexibility problem, the XACML policy specification language has been growing in recognition and use. Can this approach to access control be adopted, or can it evolve, as the Meta model? XACML's current focus is on providing access control that is interoperable among applications. As currently specified and applied, XACML does not deal with all types of objects, for example files in an operating system. It is not comprehensive (e.g., it would not prevent the leakage of a sensitive object to an unauthorized principal through copying and pasting into an email message that could be sent to anyone in the world). In addition to discussions related to the above technologies, this panel will address two fundamental questions. What practical good can the existence of a Meta model provide? And, is it even possible for a Meta model to be developed given the large diversity and types of access control policies?

  • Research Article
  • Cited by: 15
  • 10.1145/1952982.1952996
Practical and efficient cryptographic enforcement of interval-based access control policies
  • May 1, 2011
  • ACM Transactions on Information and System Security
  • Jason Crampton

The enforcement of access control policies using cryptography has received considerable attention in recent years and the security of such enforcement schemes is increasingly well understood. Recent work in the area has considered the efficient enforcement of temporal and geo-spatial access control policies, and asymptotic results for the time and space complexity of efficient enforcement schemes have been obtained. However, for practical purposes, it is useful to have explicit bounds for the complexity of enforcement schemes. In this article we consider interval-based access control policies, of which temporal and geo-spatial access control policies are special cases. We define enforcement schemes for interval-based access control policies for which it is possible, in almost all cases, to obtain exact values for the schemes' complexity, thereby subsuming a substantial body of work in the literature. Moreover, our enforcement schemes are more practical than existing schemes, in the sense that they operate in the same way as standard cryptographic enforcement schemes, unlike other efficient schemes in the literature. The main difference between our approach and earlier work is that we develop techniques that are specific to the cryptographic enforcement of interval-based access control policies, rather than applying generic techniques that give rise to complex constructions and asymptotic bounds.
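Cryptographic enforcement, as the abstract describes it, means the data are published encrypted and an authorisation is a key (or key material) from which exactly the keys covered by the policy can be derived. The block below is an added example, not Crampton's construction and not code from the paper: it is the simplest interval-based enforcement scheme built from two one-way hash chains, chosen because it shows the mechanism in a few lines and exposes the caveat a practitioner must know about. Names (`IntervalKeyAuthority`, `derive_key`, `collude`), the time-point count and the seeds are all constructed for the example.

```python
import hashlib


def H(data: bytes) -> bytes:
    """The one-way function the chains are built from."""
    return hashlib.sha256(data).digest()


def iterate(value: bytes, times: int) -> bytes:
    """Apply H `times` times: H^times(value)."""
    for _ in range(times):
        value = H(value)
    return value


class IntervalKeyAuthority:
    """Policy authority for time points 0 .. T-1 (constructed example, hypothetical API)."""

    def __init__(self, T: int, seed_forward: bytes, seed_backward: bytes):
        self.T = T
        self.seed_f = seed_forward
        self.seed_b = seed_backward

    def forward(self, t: int) -> bytes:
        # f_t = H^t(seed_f): from f_t one can compute f_u for every u >= t, never for u < t.
        return iterate(self.seed_f, t)

    def backward(self, t: int) -> bytes:
        # b_t = H^(T-1-t)(seed_b): from b_t one can compute b_u for every u <= t, never for u > t.
        return iterate(self.seed_b, self.T - 1 - t)

    def point_key(self, t: int) -> bytes:
        # Data published for time point t is encrypted under k_t.
        return H(b"point-key|" + self.forward(t) + self.backward(t))

    def grant(self, a: int, b: int):
        """Credential for the interval [a, b]: two chain values, size independent of b - a."""
        if not 0 <= a <= b < self.T:
            raise ValueError("interval outside policy range")
        return (a, b, self.forward(a), self.backward(b))


def derive_key(credential, t: int):
    """User side: recompute k_t from a credential, or None when t lies outside it.

    Outside the interval the user holds nothing from which f_t (for t < a)
    or b_t (for t > b) can be computed, because that would invert H.
    """
    a, b, f_a, b_b = credential
    if t < a or t > b:
        return None
    f_t = iterate(f_a, t - a)   # walk the forward chain up to t
    b_t = iterate(b_b, b - t)   # walk the backward chain down to t
    return H(b"point-key|" + f_t + b_t)


def collude(cred1, cred2):
    """Two holders splice their credentials into one covering [min a, max b].

    This is the known weakness of the plain two-chain construction: the
    forward value with the earliest start and the backward value with the
    latest end together cover everything in between, including points that
    neither holder was granted.
    """
    low = cred1 if cred1[0] <= cred2[0] else cred2    # earliest start: its forward value
    high = cred1 if cred1[1] >= cred2[1] else cred2   # latest end: its backward value
    return (low[0], high[1], low[2], high[3])


if __name__ == "__main__":
    auth = IntervalKeyAuthority(T=24, seed_forward=b"demo-seed-f", seed_backward=b"demo-seed-b")
    cred = auth.grant(9, 17)
    print([derive_key(cred, t) == auth.point_key(t) for t in range(24)])
```

The user's credential is two hashes whatever the interval length, and deriving a key costs at most T hash evaluations, which is the kind of explicit bound the abstract is concerned with. The collusion check is the caveat: two users holding [0, 2] and [5, 7] jointly recover the key for point 4. The schemes in the literature are designed and analysed with such combinations in mind; a home-grown chain scheme like this one must not be deployed where users may pool credentials.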

  • Book Chapter
  • 10.1007/978-3-540-76843-2_3
Access Control Management in Open Distributed Virtual Repositories and the Grid
  • Nov 25, 2007
  • Adam Wierzbicki + 3 more

The management of access control (AC) policies in open distributed systems (ODS), like the Grid, P2P systems, or Virtual Repositories (databases or data grids) can take two extreme approaches. The first extreme approach is a centralized management of the policy (that still allows a distribution of AC policy enforcement). This approach requires full trust in a central entity that manages the AC policy. The second extreme approach is fully distributed: every ODS participant manages his own AC policy. This approach can limit the functionality of an ODS, making it difficult to provide synergetic functions that could be designed in a way that would not violate AC policies of autonomous participants. This paper presents a method of AC policy management that allows a partially trusted central entity to maintain global AC policies, and individual participants to maintain their own AC policies. The proposed method resolves conflicts of the global and individual AC policies. The proposed management method has been implemented in an access control system for a Virtual Policy that is used in two European 6th FP projects: eGov-Bus and VIDE. The impact of this access control system on performance has been evaluated and it has been found that the proposed AC method can be used in practice.

  • Research Article
  • Cited by: 21
  • 10.1109/tse.2017.2765640
A Rigorous Framework for Specification, Analysis and Enforcement of Access Control Policies
  • Jan 1, 2019
  • IEEE Transactions on Software Engineering
  • Andrea Margheri + 3 more

Access control systems are widely used means for the protection of computing systems. They are defined in terms of access control policies regulating the access to system resources. In this paper, we introduce a formally-defined, fully-implemented framework for specification, analysis and enforcement of attribute-based access control policies. The framework rests on FACPL, a language with a compact, yet expressive, syntax for specification of real-world access control policies and with a rigorously defined denotational semantics. The framework enables the automated verification of properties regarding both the authorisations enforced by single policies and the relationships among multiple policies. Effectiveness and performance of the analysis rely on a semantic-preserving representation of FACPL policies in terms of SMT formulae and on the use of efficient SMT solvers. Our analysis approach explicitly addresses some crucial aspects of policy evaluation, such as missing attributes, erroneous values and obligations, which are instead overlooked in other proposals. The framework is supported by Java-based tools, among which an Eclipse-based IDE offering a tailored development and analysis environment for FACPL policies and a Java library for policy enforcement. We illustrate the framework and its formal ingredients by means of an e-Health case study, while its effectiveness is assessed by means of performance stress tests and experiments on a well-established benchmark.

  • Conference Article
  • Cited by: 25
  • 10.1145/1266840.1266877
Using semantics for automatic enforcement of access control policies among dynamic coalitions
  • Jun 20, 2007
  • Janice Warner + 3 more

In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. In this paper, we propose an approach that exploits the semantics associated with subject and object attributes to facilitate automatic enforcement of organizational access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by external users to gain access to a specific organizational object (or service). Specifically, it consists of extracting user attribute sets that semantically match with the attributes of the objects for which a role has permissions. This relies on a closer examination of why a user is assigned a specific role. These attribute sets are first pruned based on their significance in characterizing a role, which are then checked against those submitted by an external user to decide whether to allow or deny access to the specific object. While our goal in this paper is to support coalition based access control, the proposed approach can also aid in automating the process of role engineering.

  • Conference Article
  • 10.1109/icact.2007.358790
Securing Programs via Modeling and Efficient Enforcement of Access Control Policies
  • Feb 1, 2007
  • Saeed Parsa + 1 more

Applying access control is a well-known approach for securing programs. Access control policies can be modeled and then enforced in the existing program code. A major difficulty is translating policy models into a format compatible with the program code to be secured. In this paper, a new approach for automatic translation and enforcement of view-based access control policies into Java program text is presented.

  • Research Article
  • 10.31695/ijasre.2019.33615
Mitigating SQL Attacks on Enterprise Database
  • Jan 1, 2019
  • International Journal of Advances in Scientific Research and Engineering
  • Maduako Nnanyereugo C + 1 more

In today's world, data is generated at a very rapid speed and the final destination of such data is the database. Database security assures the security of the information stored in the database against threats, be they insider or outsider threats. Data is stored in the database as an easy and efficient way to manage it. Considering the importance of data in an organization, it is absolutely essential to secure the data stored in the database. A secure database is one which is shielded from different possible attacks. For data protection, mechanisms enforcing access control policies based on data contents, subject qualifications and characteristics, and other relevant contextual information, such as time, are used. Security models are required in the design and development of effective and efficient database systems. In this work, some of the attacks and threats that are encountered in database systems and the corresponding counter-measures, as well as control methods, were discussed. Ensuring security for databases is a very critical issue for companies. Hence, as the complexity of databases increases, we may tend to have more complex database security issues. The effectiveness of the developed system in protecting data stored in a database was demonstrated by attempting some attacks on the database. The system was able to thwart the attacks.
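The abstract names SQL attacks and counter-measures without showing one. As an added example (not the paper's system, and with a constructed table, a constructed attacker string and hypothetical function names), here is the canonical SQL injection against a string-concatenated query, the parameterised query that defeats it, and the allow-list check that is still needed for the one thing parameters cannot bind, an identifier such as an ORDER BY column.

```python
import sqlite3


def open_sample_db() -> sqlite3.Connection:
    """Constructed sample table for the example (not from the paper)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (username TEXT PRIMARY KEY, balance INTEGER)")
    conn.executemany("INSERT INTO account VALUES (?, ?)",
                     [("alice", 100), ("bob", 250), ("carol", 75)])
    return conn


# Constructed attacker input: closes the string literal and appends a tautology.
PAYLOAD = "nobody' OR '1'='1"


def lookup_vulnerable(conn, username: str):
    """The flaw: user input is spliced into the SQL text, so the parser sees it as SQL."""
    sql = "SELECT username, balance FROM account WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username: str):
    """Bound parameter: the value is sent separately from the statement and is never parsed as SQL."""
    return conn.execute(
        "SELECT username, balance FROM account WHERE username = ?", (username,)
    ).fetchall()


# Identifiers (table or column names, ORDER BY targets) cannot be bound as
# parameters, so they have to be validated against an allow-list instead.
ALLOWED_SORT_COLUMNS = {"username", "balance"}


def list_sorted(conn, sort_by: str):
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    # Only an allow-listed literal ever reaches the f-string.
    return conn.execute(
        f"SELECT username, balance FROM account ORDER BY {sort_by}"
    ).fetchall()


if __name__ == "__main__":
    db = open_sample_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))   # dumps every account
    print("safe:      ", lookup_safe(db, PAYLOAD))         # no such username: []
    print("sorted:    ", list_sorted(db, "balance"))
```

The vulnerable function returns all three accounts for the payload, because the executed statement becomes `... WHERE username = 'nobody' OR '1'='1'`; the parameterised function returns nothing, since it looks for a user literally named `nobody' OR '1'='1`. Parameterisation is the counter-measure for values; it is not a substitute for the fine-grained policies discussed elsewhere on this page, which limit what a legitimate query may return.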

  • Conference Article
  • Cited by: 2
  • 10.1109/mass.2019.00063
LAD: Learning Access Control Polices and Detecting Access Anomalies in Smart Environments
  • Nov 1, 2019
  • Tomasz Kalbarczyk + 3 more

The domain of access control has long suffered from a lack of expressiveness in specifying access control policies. Recent approaches have leveraged contextual fingerprinting to formulate access control frameworks for both generating and enforcing access control policies. However, effectively and automatically identifying the context attributes relevant for access has proven challenging and cumbersome. An approach that shows promise in supporting more expressive and easy-to-use attribute-based access control relies on recent advances in continuous neighbor discovery protocols and low cost wireless communication technologies such as Bluetooth Low Energy (BLE). These technologies have created opportunities to build smart environments that can seamlessly and inexpensively provide rich contextual data. These capabilities have the potential to enable new transparent and automatic approaches to defining and evaluating access control policies for mobile users and for detecting anomalous access patterns in smart environments. In this paper, we present the LAD framework that uses raw contextual data available via technologies such as BLE to derive real-time attributes defined by the presence of mobile and static nodes in the nearby environment. Based on user interactions in these environments, our framework learns appropriate access control policies and enforces these policies based on attributes that change in real-time as users move in the smart environment.

  • Conference Article
  • 10.1145/1809842.1809844
Automated management of network access control from design to enforcement
  • Jun 11, 2010
  • Ehab Al-Shaer

Recent studies show that more than 65% of network vulnerabilities are due to misconfigured network access control. Arbor Networks, in their ISP survey, shows that managing access control is the top challenge in ISP networks today, which creates major reachability and security violations such as unauthorized access/traffic, backdoors and an increasing attack surface [1]. Access control exists in network devices such as routers, firewalls and IPSec gateways, and at the application level, such as RBAC systems and authorization servers. The wide distribution of a large number of access control configurations that usually exhibit different syntactic and semantic behavior in highly dynamic network environments creates real challenges for verifying, evaluating and enforcing access control policies. Thus, there is a pressing need for models and tools that allow for global end-to-end analysis of access control by integrating network and application-level access control in a single framework from design, verification and optimization to evaluation and deployment. These frameworks should also provide quantitative means to design and evaluate access control automatically and objectively [2, 3]. In addition, as security risk is dynamically changing in networks due to new threats or users' behavior, enabling proactive access control will play an important role in future network defense. In this talk, I will present the state of the art and discuss future challenges of designing, verifying and evaluating access control policies.

  • Research Article
  • Cited by: 85
  • 10.1016/j.infsof.2003.10.007
An aspect-based approach to modeling access control concerns
  • Feb 6, 2004
  • Information and Software Technology
  • Indrakshi Ray + 3 more


  • Research Article
  • Cited by: 3
  • 10.14569/ijacsa.2017.080334
Self-Protection against Insider Threats in DBMS through Policies Implementation
  • Jan 1, 2017
  • International Journal of Advanced Computer Science and Applications
  • Farukh Zaman + 3 more

In today's world, information security of an organization has become a major challenge as well as a critical business issue. To manage and mitigate these internal or external security-related issues, organizations hire highly knowledgeable security experts. Insider threats in database management systems (DBMS) are inherently a very hard problem to address. Employees within the organization can attack or harm organization data in a professional manner. To protect and monitor organization information from insider users in a DBMS, organizations use different techniques, but these techniques are insufficient to secure their data. We offer an autonomous approach to a self-protection architecture based on policy implementation in the DBMS. This research proposes an autonomic model for protection that will enforce access control policies, database auditing policies, encryption policies, user authentication policies, and database configuration setting policies in the DBMS. The purpose of these policies is to restrict insider users or Database Administrators (DBAs) from malicious activities, in order to protect data.

  • Research Article
  • Cited by: 5
  • 10.1007/s10270-023-01131-3
Modeling and enforcing access control policies in conversational user interfaces
  • Nov 22, 2023
  • Software and Systems Modeling
  • Elena Planas + 3 more

Conversational user interfaces (CUIs), such as chatbots, are becoming a common component of many software systems. Although they are evolving in many directions (such as advanced language processing features, thanks to new AI-based developments), less attention has been paid to access control and other security concerns associated with CUIs, which may pose a clear risk to the systems they interface with. In this paper, we apply model-driven techniques to model and enforce access-control policies in CUIs. In particular, we present a fully fledged framework to integrate the role-based access-control (RBAC) protocol into CUIs by: (1) modeling a set of access-control rules to specify permissions over the bot resources using a domain-specific language that tailors core RBAC concepts to the CUI domain; and (2) describing a mechanism to show the feasibility of automatically generating the infrastructure to evaluate and enforce the modeled access control policies at runtime.

  • Research Article
  • 10.11185/imt.2.433
A Static Analysis using Tree Automata for XML Access Control
  • Jan 1, 2007
  • Information and Media Technologies
  • Isao Yagi + 2 more

Recently, access control for XML databases has become one of the key issues in database security. Given an access control policy and a query expression, static analysis determines whether the query accesses any elements or attributes that are prohibited by the access control policy. In related work, policies and queries were modeled as regular sets of paths in trees. However, this model loses information on the structure of the trees, and some policies cannot be represented accurately by the model. In this paper, we propose a formal model for access control of XML databases and provide a static analysis method based on tree automata theory. Both an access control policy and a query are modeled as tree automata, and a policy is provided with two alternative semantics: AND-semantics and OR-semantics. We investigate the computational complexity of the static analysis problem, and show that the problem in AND-semantics is solvable in quadratic time while the problem in OR-semantics is EXPTIME-complete.
