首页> 外文会议>International symposium on engineering secure software and systems >Monitoring Database Access Constraints with an RBAC Metamodel: A Feasibility Study

【24h】

Monitoring Database Access Constraints with an RBAC Metamodel: A Feasibility Study

机译：使用RBAC元模型监视数据库访问约束：一项可行性研究

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Role-based access control (RBAC) is widely used in organizations for access management. While basic RBAC concepts are present in modern systems, such as operating systems or database management systems, more advanced concepts like history-based separation of duty are not. In this work, we present an approach that validates advanced organizational RBAC policies using a model-based approach against the technical realization applied within a database. This allows a security officer to examine the correct implementation - possibly across multiple applications - of more powerful policies on the database level. We achieve this by monitoring the current state of a database in a UML/OCL validation tool. We assess the applicability of the approach by a non-trivial feasibility study.

机译：基于角色的访问控制（RBAC）在组织中广泛用于访问管理。尽管基本的RBAC概念存在于现代系统（例如操作系统或数据库管理系统）中，但更高级的概念（例如基于历史的职责分离）却不存在。在这项工作中，我们提出了一种方法，该方法针对数据库中应用的技术实现使用基于模型的方法来验证高级组织RBAC策略。这使安全员可以在数据库级别检查功能更强大的策略的正确实现（可能跨多个应用程序）。我们通过在UML / OCL验证工具中监视数据库的当前状态来实现此目的。我们通过非平凡的可行性研究评估了该方法的适用性。

著录项

来源
《International symposium on engineering secure software and systems 》|2015年|211-226|共16页
会议地点
作者
Lars Hamann; Karsten Sohr; Martin Gogolla;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Model checking for security; Models for security; Verification techniques for security properties; Security by design;

机译：模型检查安全性;安全模型;安全属性验证技术;设计安全;

相似文献

外文文献
中文文献
专利

1. A mobile location-based with time-constraint RBAC associated database management model [J] . Hsing-Chung Chen, Yung-Fa Huang, Shu-Hong Lee, International Journal of Computer Systems Science & Engineering . 2012 ,第6期

机译：具有时间限制的基于移动位置的RBAC相关数据库管理模型
2. Anomalous query access detection in RBAC-administered databases with random forest and PCA [J] . Ronao Charissa Ann, Cho Sung-Bae Information Sciences: An International Journal . 2016 ,第Null期

机译：具有随机森林和PCA的RBAC管理的数据库中的异常查询访问检测
3. Separation of Duty and Context Constraints for Contextual Role-Based Access Control (C-RBAC) [J] . Muhammad Nabeel Tahir International Journal of Security (IJS) . 2009 ,第1期

机译：用于基于角色的上下文访问控制（C-RBAC）的职责和上下文约束分离
4. Monitoring Database Access Constraints with an RBAC Metamodel: A Feasibility Study [C] . Lars Hamann, Karsten Sohr, Martin Gogolla International Symposium on Engineering Secure Software and Systems . 2015

机译：用RBAC Metamodel监控数据库访问约束：可行性研究
5. An evaluation of database quality: A case study of subject access to young adult fiction in the ACCESS PENNSYLVANIA CD-ROM Database. [D] . Westerman, Judy Gertrude Ludlam. 1990

机译：数据库质量的评估：以ACCESS宾夕法尼亚州CD-ROM数据库中的青年成人小说为研究对象的案例研究。
6. Rice bran arabinoxylan compound and quality of life of cancer patients (RBAC-QoL): Study protocol for a randomized pilot feasibility trial [O] . Soo Liang Ooi, Sok Cheon Pak, Peter S. Micalos, 2020

机译：米糠阿拉伯木聚糖化合物与癌症患者的生活质量（RBAC-QoL）：一项随机试验可行性研究的研究方案
7. Research on an Access Control Model for Radio and Television Monitoring Software Based on T-RBAC [O] . Zizhe Wang, Pei Tian, Xiang Jin 2016

机译：基于T-RBaC的广播电视监控软件访问控制模型研究
8. Secure Enterprise Access Control (SEAC) Role Based Access Control (RBAC) [R] . Fernandez, R. 2004

机译：安全企业访问控制（sEaC）基于角色的访问控制（RBaC）

Monitoring Database Access Constraints with an RBAC Metamodel: A Feasibility Study

摘要

著录项

相似文献

相关主题

期刊订阅