From MDM to DB2: a case study of security enforcement migration

Authors:
Nikolay Yakovets;Jarek Gryz;Stephanie Hazlewood;Paul van Run
Affiliations:
Department of Computer Science and Engineering, York University, Canada, Centre for Advanced Studies, IBM Canada, Canada;Department of Computer Science and Engineering, York University, Canada, Centre for Advanced Studies, IBM Canada, Canada;IBM Canada, Canada;IBM Canada, Canada
Venue:
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Year:
2012

Citing 13
Cited 0

Toward a multilevel secure relational data model

SIGMOD '91 Proceedings of the 1991 ACM SIGMOD international conference on Management of data
Role-Based Access Control Models

Computer
Access control with IBM Tivoli access manager

ACM Transactions on Information and System Security (TISSEC)
Countering code-injection attacks with instruction-set randomization

Proceedings of the 10th ACM conference on Computer and communications security
Extending query rewriting techniques for fine-grained access control

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
A logic-based framework for attribute based access control

Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Security in Computing (4th Edition)

Security in Computing (4th Edition)
Trust management services in relational databases

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Fine-grained access control to web databases

Proceedings of the 12th ACM symposium on Access control models and technologies
Enterprise Master Data Management: An SOA Approach to Managing Core Information

Enterprise Master Data Management: An SOA Approach to Managing Core Information
Protection: principles and practice

AFIPS '72 (Spring) Proceedings of the May 16-18, 1972, spring joint computer conference
Trust Management and Trust Negotiation in an Extension of SQL

Trustworthy Global Computing
MyABDAC: compiling XACML policies for attribute-based database access control

Proceedings of the first ACM conference on Data and application security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

This work presents a case study of a migration of attribute-based access control enforcement from the application to the database tier. The proposed migration aims to improve the security and simplify the audit of the enterprise system by enforcing information protection principles of the least privileges and the least common mechanism. We explore the challenges of such migration and implement it in an industrial setting in a context of master data management where data security, privacy and audit are subject to regulatory compliance. Based on our implementation, we propose a general, standards-driven migration methodology.