RBAC+: Dynamic Access Control for RBAC-Administered Web-Based Databases
RBAC+: Dynamic Access Control for RBAC-Administered Web-Based Databases
In a clear contrast with the phenomenal growth of Web database applications, access control issues related to data stored in the back-end databases have largely been neglected. Current approaches to access control on databases do not fit web databases because they are mostly based on individual user identities. In this paper, we propose (RBAC+), a dynamic access control model to enforce fine-grained access control to web databases. It extends the Role-Based Access Control model standard with the notions of application, application profile and sub-application session. The proposed dynamic access control model enhances the ability of detecting malicious transactions, the dominant cause that demolishes database system, by tracking application users throughout a whole session. Hence, attacks caused by malicious transactions can be detected and canceled timely before they succeed.
- Université Côte d'Azur France
- Nice Sophia Antipolis University France
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).5 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Average influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Average impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Average
Citations provided by BIP!Popularity provided by BIP!