Conceptual database design: an Entity-relationship approach
Conceptual database design: an Entity-relationship approach
Modeling Security-Relevant Data Semantics
IEEE Transactions on Software Engineering
Object-oriented modeling and design
Object-oriented modeling and design
Information systems security design methods: implications for information systems development
ACM Computing Surveys (CSUR)
Database security
Object-oriented modeling and design for database applications
Object-oriented modeling and design for database applications
The multilevel relational (MLR) data model
ACM Transactions on Information and System Security (TISSEC)
The Unified Modeling Language user guide
The Unified Modeling Language user guide
Communications of the ACM
The unified software development process
The unified software development process
Database design for smarties: using UML for data modeling
Database design for smarties: using UML for data modeling
Software engineering for security: a roadmap
Proceedings of the Conference on The Future of Software Engineering
Testing object-oriented systems: models, patterns, and tools
Testing object-oriented systems: models, patterns, and tools
Technical opinion: Information system security management in the new millennium
Communications of the ACM
Temporal OCL: meeting specification demands for business components
Unified modeling language
Information Security Management: Global Challenges in the New Millennium
Information Security Management: Global Challenges in the New Millennium
Database Systems: A Practical Approach to Design, Implementation, and Management
Database Systems: A Practical Approach to Design, Implementation, and Management
Building Software Securely from the Ground Up
IEEE Software
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
RE '02 Proceedings of the 10th Anniversary IEEE Joint International Conference on Requirements Engineering
MDA Explained: The Model Driven Architecture: Practice and Promise
MDA Explained: The Model Driven Architecture: Practice and Promise
Fundamentals of Database Systems, Fourth Edition
Fundamentals of Database Systems, Fourth Edition
Model driven development of secure XML databases
ACM SIGMOD Record
Information and Software Technology
Analysis of Secure Mobile Grid Systems: A systematic approach
Information and Software Technology
A comparison of software design security metrics
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Middleware non-repudiation service for the data warehouse
Annales UMCS, Informatica
Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment
Information and Software Technology
Enforcing confidentiality in relational databases by reducing inference control to access control
ISC'07 Proceedings of the 10th international conference on Information Security
| Hi-index | 0.00 |
Security is an important issue that must be considered as a fundamental requirement in information systems development, and particularly in database design. Therefore security, as a further quality property of software, must be tackled at all stages of the development. The most extended secure database model is the multilevel model, which permits the classification of information according to its confidentiality, and considers mandatory access control. Nevertheless, the problem is that no database design methodologies that consider security (and therefore secure database models) across the entire life cycle, particularly at the earliest stages currently exist. Therefore it is not possible to design secure databases appropriately. Our aim is to solve this problem by proposing a methodology for the design of secure databases. In addition to this methodology, we have defined some models that allow us to include security information in the database model, and a constraint language to define security constraints. As a result, we can specify a fine-grained classification of the information, defining with a high degree of accuracy which properties each user has to own in order to be able to access each piece of information. The methodology consists of four stages: requirements gathering; database analysis; multilevel relational logical design; and specific logical design. The first three stages define activities to analyze and design a secure database, thus producing a general secure database model. The last stage is made up of activities that adapt the general secure data model to one of the most popular secure database management systems: Oracle9i Label Security. This methodology has been used in a genuine case by the Data Processing Center of Provincial Government. In order to support the methodology, we have implemented an extension of Rational Rose, including and managing security information and constraints in the first stages of the methodology.