Although software can and does implement access control at the application layer, failure to enforce data access at the data layer often allows uncontrolled data access when individuals bypass application controls. The goal of this research is to improve security and compliance by ensuring that access control rules explicitly and implicitly defined within unconstrained natural language texts are appropriately enforced within a system's relational database. Access control implemented in both the application and data layers strongly supports a defense-in-depth strategy. We propose a tool-based process to 1) parse existing, unaltered natural language documents; 2) classify whether or not a statement implies access control and whether or not the statement implies database design; and, as appropriate, 3) extract policy elements; 4) extract database design; 5) map data objects found in the text to a database schema; and 6) automatically generate the necessary SQL commands to enable the database to enforce access control. Our initial studies of the first three steps indicate that we can effectively identify access control sentences and extract the relevant policy elements.