A Model-driven Role-based Access Control for SQL Databases
Complex Systems Informatics and Modeling Quarterly 2015
Raimundas Matulevičius, Henri Lakk

Nowadays, security has become an important aspect in information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remain a human-intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering approach makes it difficult for security requirements to be accurately captured and for the system’s implementation to be kept aligned with these requirements as the system evolves. In this paper we propose a model-driven approach to manage SQL database access under the RBAC paradigm. The starting point of the approach is an RBAC model captured in SecureUML. This model is automatically translated to Oracle Database views and instead-of trigger code, which implements the security constraints. The approach has been fully instrumented as a prototype and its effectiveness has been validated by means of a case study.


Keywords
Model-driven security, Role-based Access Control, SecureUML, PL/SQL, updatable view, instead-of trigger.
DOI
10.7250/csimq.2015-3.03
Hyperlink
https://csimq-journals.rtu.lv/article/view/csimq.2015-3.03

Matulevičius, R., Lakk, H. A Model-driven Role-based Access Control for SQL Databases. Complex Systems Informatics and Modeling Quarterly, 2015, No. 3, pp. 35-62. e-ISSN 2255-9922. Available from: doi:10.7250/csimq.2015-3.03

Publication language
English (en)