Fine-grained Access Control to Web Databases

Cited by: 0
Authors
Roichman, Alex [1]
Gudes, Ehud [1]
Affiliation
[1] Open Univ, Dept Comp Sci, Raanana, Israel
Keywords
Access control; web database security; database vulnerability; parameterized view; session key; rolling key;
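DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract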
Before the Web era, databases were well protected by standard access control techniques such as Views and SQL authorization commands. But with the development of web systems, the number of attacks on databases increased, and it has become clear that their access control mechanism is inadequate for web-based systems. In particular, SQL Injection and other vulnerabilities have received considerable attention in recent years, and satisfactory solutions to these kinds of attacks are still lacking. We present a new method for protecting web databases that is based on a fine-grained access control mechanism. This method uses the databases' built-in access control mechanisms, enhanced with Parameterized Views, and adapts them to work with web applications. The proposed access control mechanism is applicable to any existing database and is capable of preventing many kinds of attacks, thus significantly decreasing the web databases' attack surface.
Pages: 31 - 40
Page count: 10