Database Management Systems
An Extended Authorization Model for Relational Databases
IEEE Transactions on Knowledge and Data Engineering
Preventing SQL injection attacks using AMNESIA
Proceedings of the 28th international conference on Software engineering
Fine-grained access control to web databases
Proceedings of the 12th ACM symposium on Access control models and technologies
The role mining problem: finding a minimal descriptive set of roles
Proceedings of the 12th ACM symposium on Access control models and technologies
DIWeDa - Detecting Intrusions in Web Databases
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
CAMLS: a constraint-based apriori algorithm for mining long sequences
DASFAA'10 Proceedings of the 15th international conference on Database Systems for Advanced Applications - Volume Part I
Finding and analyzing database user sessions
DASFAA'05 Proceedings of the 10th international conference on Database Systems for Advanced Applications
| Hi-index | 0.00 |
When a database is accessed via a web application, web-users are not connect directly to the database, but rather via the web application. From a database point of view, such a connection is always established by the same db-user (i.e. the web application's db-user) and specific data on the web-user is not available to the database. As a consequence, web-users' specific data cannot be audited and fine-grained access control cannot be implemented. We propose a method that provide the ability to track the web-users in web databases. The new method can be applied to legacy web applications without requiring any changes in their existing infrastructure. Using the tracked database, we propose a method to identify logical sessions (business logic), which we will use to mine the true users-roles of the web application.