Conference Topic

A Flexible Database Security System using Multiple Access Control Policies

Due to various requirements for user access control to large databases in hospitals and banks, database security has been emphasized. There are many security models for database systems that use a wide variety of policy-based access control methods. However, they are not functionally sufficient to meet the requirements of complicated and varied types of access control. In this paper, we propose a database security system that can individually control user access to data groups of various sizes and is suitable for situations where a user's access privilege to arbitrary data changes frequently. A data group d, which may be of any size, is defined by table name(s), attribute(s) and/or record key(s), and the access privilege is defined by security levels, roles and policies. The proposed system operates in two phases. The first phase is composed of a modified MAC (Mandatory Access Control) model and an RBAC (Role-Based Access Control) model. A user can access any data that has a lower or equal security level and that is accessible by the roles to which the user is assigned. All types of access mode are controlled in this phase. In the second phase, a modified DAC (Discretionary Access Control) model is applied to non-accessible data from the result obtained in the first phase. For this purpose, we also define the user group s, which can be characterized by security levels, roles or any partition of users. Policies represented in the form Block(s, d, r) are also defined and used to control the access mode. With the proposed security system, more individual users can be flexibly controlled, while other access modes can be controlled as usual. An implementation example for a database system that manages specimen and clinical information is presented.

Database Security; Access Control; specimen and clinical information

Min-A Jeong, Jung-Ja Kim, Yonggwan Won

Research Institute of Electronics and Telecommunications Technology, Chonnam National University 300 Department of Computer Engineering, Chonnam National University 300 Yongbong-Dong Buk-Gu Kwangju, REP

International conference

Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies

Chengdu

English

236-240

2003-08-27 (date first made available online on the Wanfang platform; not the paper's publication date)