Abstract

Objectives: This paper proposes an enhanced data access security approach that provides a virtual private database security mechanism in heterogeneous multi-tier applications, regardless of the data access security features provided by each database management system.

Methods/Statistical Analysis: A Data Access Layer has been implemented following the proposed approach. The implementation extends Microsoft's Entity Framework, which is widely used as a Data Access Layer in commercial multi-tier database applications, and overloads it with the required functionality, including query modification and data validation. The output assembly is then tested in a typical HR database application that targets three different DBMSs (SQL Server, MySQL, Oracle) with exactly the same database state. Time measurements are taken to evaluate the processing cost of issuing CRUD operations compared with the same application architecture without the proposed approach (e.g. relying on the row-level security provided by Oracle at the DBMS level).

Findings: An illustrative case study following the proposed approach shows its scalability, reliability and efficiency. It allows data access security in both homogeneous and heterogeneous database applications. The results also show that the cost of processing data retrieval and data manipulation operations under predefined data access security policies is reduced by around 59% and 57% respectively with the proposed approach compared with Oracle VPD.

Application/Improvements: As presented in the illustrative case study, the proposed approach can be easily applied and reused in any modern heterogeneous multi-tier database application. It allows data access security policies to be defined regardless of the type of the target database management system. The results also show an improvement in the processing cost of the proposed approach compared with the Oracle virtual private database for both data retrieval and data manipulation operations.

Keywords: Data Privacy; Data Access; Database; Heterogeneous Database Applications
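The query modification and data validation that the abstract places in the Data Access Layer can be sketched as follows. This is an added example, not the paper's implementation: `SecuredSet<T>`, `Employee`, `callerDept` and the department-based policy are hypothetical names, and an in-memory list stands in for an Entity Framework set so the code runs without a database.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Linq.Expressions;

// Hypothetical HR entity (constructed for this example).
public class Employee
{
    public int DepartmentId { get; set; }
}

// Hypothetical DAL wrapper: reads are filtered by the policy predicate and
// writes are validated against it, whatever DBMS sits behind the provider.
public class SecuredSet<T>
{
    private readonly List<T> _store;   // in-memory stand-in for an Entity Framework set
    private readonly Expression<Func<T, bool>> _policy;
    private readonly Func<T, bool> _check;
    public SecuredSet(List<T> store, Expression<Func<T, bool>> policy)
    {
        _store = store;
        _policy = policy;
        _check = policy.Compile();
    }
    // Query modification: the predicate becomes part of the expression tree,
    // so a LINQ provider would emit it in the WHERE clause it generates.
    public IQueryable<T> Query() => _store.AsQueryable().Where(_policy);
    // Data validation: refuse to write a row outside the caller's policy.
    public void Add(T row)
    {
        if (!_check(row))
            throw new UnauthorizedAccessException("Row violates access policy.");
        _store.Add(row);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample rows: one inside and one outside the caller's department.
        var rows = new List<Employee> { new Employee { DepartmentId = 10 }, new Employee { DepartmentId = 20 } };
        int callerDept = 10;   // assumed to come from the authenticated session
        var employees = new SecuredSet<Employee>(rows, e => e.DepartmentId == callerDept);
        Console.WriteLine(employees.Query().Count());   // only rows visible under the policy
        try { employees.Add(new Employee { DepartmentId = 20 }); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine(ex.Message); }
    }
}
```

Because the policy is an expression rather than a compiled delegate, the same definition can be handed to whichever LINQ provider targets the database, which is what keeps the policy independent of the DBMS.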
