Abstract

The large-scale deployment of the NIST RBAC model has given rise to popular research topics such as administration, risk awareness, and insider threat detection. Our research concerns the integrity verification and optimization of role-based access control policies. In this paper, we present a synthesis of the problem of access control policy integrity within relational databases. We address three vulnerabilities that can corrupt an access control policy: (1) the evolution of extensions of the RBAC model toward a finer granularity, which makes the policy more difficult to manage; (2) the exposure of the policy at the RDBMS level to illegal updates or, paradoxically, to accesses made by authorized users; (3) the decorrelation of the policy, once implemented in the DBMS, from its initial specification, which allows any update of the policy without the ability to control its evolution. Moreover, the paper defines a framework for organizing thinking about validating the compliance of low-level access control policies.
