Design for dynamic user-role-based security

Preventing the disclosure, modification or destruction of information in a database has been the subject of considerable recent research (see, for example, [1-3]). While mandatory access control (MAC) assigns security clearance levels (e.g. top secret, secret) to all data for access control, discretionary access control (DAC) assigns privileges to users tailored to their responsibilities within an application. Both of these mechanisms have the fundamental limitation that they are unable to deal with the changing roles of a user (based on the occurrence of an event) within an application. As a result, user-role-based security (URBS) has been proposed [4, 5]. This paper demonstrates how URBS can be used to augment the existing security mechanisms. First, the URBS concept, originally proposed for the object-oriented model, is extended to the relational model. Second, the extended model is augmented with the capability to respond to dynamic events. Finally, an integrated method is presented for the design of a dynamic, user-role-based security system.

[1] T. C. Ting. A User-Role Based Data Security Approach, 1988, Database Security.

[2] Nancy R. Jensen, et al. System Security Officer Functions in the A1 Secure DBMS, 1988, Database Security.

[3] Umeshwar Dayal, et al. The architecture of an active database management system, 1989, SIGMOD '89.

[4] Thomas Anderson. Safe and Secure Computing Systems, 1989.

[5] Selim G. Akl, et al. Views for Multilevel Database Security, 1986, 1986 IEEE Symposium on Security and Privacy.

[6] T. C. Ting, et al. Requirements, Capabilities, and Functionalities of User-Role Based Security for an Object-Oriented Design Model, 1991, DBSec.

[7] Teresa F. Lunt, et al. Current Issues in Statistical Database Security, 1991, Database Security.

[8] Narain H. Gehani, et al. Event specification in an active object-oriented database, 1992, SIGMOD '92.

[9] D. Elliott Bell, et al. Secure Computer System: Unified Exposition and Multics Interpretation, 1976.

[10] Frederick H. Lochovsky, et al. Role-Based Security in Data Base Management Systems, 1988, DBSec.

[11] Hamid Pirahesh, et al. Extensions to Starburst: objects, types, functions, and rules, 1991, CACM.

[12] Abraham Silberschatz, et al. Database System Concepts, 1980.

[13] Eric K. Clemons, et al. Efficiently monitoring relational databases, 1979, ACM Trans. Database Syst.

[14] Marshall D. Abrams, et al. Computer access control policy choices, 1990, Comput. Secur.

[15] Eduardo B. Fernández, et al. Database security, 1990, SGMD.

[16] Teresa F. Lunt, et al. Security in database systems: A research perspective, 1992, Comput. Secur.

[17] Gerhard Steinke, et al. Design aspects of access control in a knowledge base system, 1991, Comput. Secur.

[18] Eduardo B. Fernandez, et al. Database Security and Integrity, 1981.

[19] J. G. Strong, et al. Low vision services: a model for sequential intervention and rehabilitation, 1988, Canadian journal of public health.

[20] Frank Manola, et al. A Personal View of DBMS Security, 1988, Database Security.