Database Security

Bertino, Elisa; Byun, Ji-Won; Kamra, Ashish

doi:10.1007/978-3-540-69861-6_7

Cited by 3 publications

(8 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Data security solutions have to meet three core requirements: confidentiality (also referred to as secrecy), integrity and availability. Confidentiality refers to protection against unauthorized access, integrity ensures unauthorized and improper modification of the data, whereas availability focuses on avoiding unavailability of software and hardware, as well as recovery from errors (Bertino et al , 2007; Ferrari, 2009).…”

Section: Authorization and Access Control Requirementsmentioning

confidence: 99%

“…The granularity of these entities can be at the level of fields, attributes or data components, based on the model structure. Fine-grained access control is a fundamental requirement today (Bertino et al , 2007; Bertino and Sandhu, 2005; Colombo and Ferrari, 2019). However, new challenges emerge due to heterogeneous data in schema-free NoSQL datastores, where authorizations and their enforcement cannot rely on a known schema like in relational databases (Okman et al , 2011; Sahafizadeh and Nematbakhsh, 2015; Colombo and Ferrari, 2017, 2019; Sicari et al , 2022).…”

Section: Authorization and Access Control Requirementsmentioning

confidence: 99%

“…Access decisions rely on data content, i.e. metadata (Bertino and Sandhu, 2005) or any content from the datastore (Bertino and Sandhu, 2005; Bertino et al , 2007). Therefore, not only the structure, but also the semantics of the data are considered in authorizations and their enforcement (Bertino et al , 2011; Kulkarni, 2013; Sahafizadeh and Nematbakhsh, 2015; Sicari et al , 2022).…”

Section: Authorization and Access Control Requirementsmentioning

confidence: 99%

“…When the rule defines an access condition on a specific field, only data satisfying this rule can be accessed. This requirement not only covers the use of content-based restrictions on resources (objects), but also on attributes of requesters (subjects), such as their job title, specific qualification or signing authority (Bertino et al , 2007; Kirrane, 2015).…”

Section: Authorization and Access Control Requirementsmentioning

confidence: 99%

“…Thus, dynamic user privileges are addressed in authorization policies to allow constraints on, e.g. geographical locations, time or history (Bacon et al , 2003; Bertino and Sandhu, 2005; Bertino et al , 2007; Kulkarni, 2013; Colombo and Ferrari, 2019; Sicari et al , 2022). For instance, some resource can be only accessed if the user is in the office, within the office hours, or if the user already performed some specific task in the past.…”

Section: Authorization and Access Control Requirementsmentioning

confidence: 99%

See 4 more Smart Citations

A systematic literature review of authorization and access control requirements and current state of the art for different database models

Mohamed,

Auer,

Hofer

et al. 2023

IJWIS

View full text Add to dashboard Cite

Purpose Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements. Accordingly, the purpose of this paper is to discuss authorization and access control for relational and NoSQL database models in detail with respect to requirements and current state of the art. Design/methodology/approach This paper follows a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, the study continues with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. This paper then discusses and compares current database models based on these requirements. Findings As no survey works consider requirements for authorization and access control in different database models so far, the authors define their requirements. Furthermore, the authors discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements. Originality/value This paper focuses on authorization and access control for various database models, not concrete products. This paper identifies today’s sophisticated – yet general – requirements from the literature and compares them with research results and access control features of current products for the relational and NoSQL database models.

show abstract

Section: Authorization and Access Control Requirementsmentioning

confidence: 99%

Section: Authorization and Access Control Requirementsmentioning

confidence: 99%

Section: Authorization and Access Control Requirementsmentioning

confidence: 99%

Section: Authorization and Access Control Requirementsmentioning

confidence: 99%

Section: Authorization and Access Control Requirementsmentioning

confidence: 99%

See 3 more Smart Citations

A systematic literature review of authorization and access control requirements and current state of the art for different database models

Mohamed,

Auer,

Hofer

et al. 2023

IJWIS

View full text Add to dashboard Cite

show abstract

Analysis on Vulnerability of Home Healthcare Medical Devices and Development of Protection Profile Based on Common Criteria Version 3.1

Lee

Kim

et al. 2011

2011 First ACIS/JNU International Conference on Computers, Networks, Systems and Industrial Engineering

View full text Add to dashboard Cite

Recently, there has been increased interest in home healthcare service due to prosperity of information technology and distribution of developed medical devices. Home healthcare service is a service that enables patients to receive medical service at home, without visiting a hospital. However, since the insecurely processed information can directly affect patients' health and lives, security must be taken into consideration. In this paper, we discuss the vulnerabilities and threats to consolidate security and reliability of home healthcare service, and propose a protection profile for home healthcare medical devices based on Common Criteria.Keywords-home healthcare service; home healthcare medical devices; common criteria I.

show abstract

Analisis Logging Dan Auditing Akses Database SQL Melalui Koneksi Remote Akses Menggunakan Anydesk

Joshua,

W. Chandra

2024

jati

View full text Add to dashboard Cite

Semakin banyak organisasi atau perusahaan mengadopsi praktik kerja jarak jauh dan mengandalkan koneksi remote untuk mengakses basis data SQL yang mengandung informasi penting mereka. Ini memunculkan kebutuhan untuk mengamankan, memantau, dan mengaudit aktivitas akses database yang dilakukan melalui koneksi remote. Keamanan, integritas, dan kepatuhan data menjadi prioritas utama dalam menghadapi tantangan ini untuk menjaga kesuksesan bisnis di era digital yang terus berkembang. Permasalahannya dalam pertanyaan penelitian adalah bagaimana cara memastikan bahwa data yang diinputkan ke database SQL melalui koneksi remote menggunakan anydesk sudah benar dan tidak mengalami redudansi data atau manipulasi yang tidak sah?. Penelitian ini menggunakan metode NDLC (Network Development Life Cycle) yang merupakan teknik analisis terstruktur yang digunakan untuk merencanakan dan mengelola proses pengembangan sistem. Hasil penelitian mendapatkan 2 bagian log yang tercatat yaitu bagian login dan bagian database atau transaction log.

show abstract

Database Security

Cited by 3 publications

References 22 publications

A systematic literature review of authorization and access control requirements and current state of the art for different database models

A systematic literature review of authorization and access control requirements and current state of the art for different database models

Analysis on Vulnerability of Home Healthcare Medical Devices and Development of Protection Profile Based on Common Criteria Version 3.1

Analisis Logging Dan Auditing Akses Database SQL Melalui Koneksi Remote Akses Menggunakan Anydesk

Contact Info

Product

Resources

About