Implementing database access control policy from unconstrained natural language text

Authors:
John Slankas
Affiliations:
North Carolina State University, USA
Venue:
Proceedings of the 2013 International Conference on Software Engineering
Year:
2013

Citing 14
Cited 0

A survey of approaches to automatic schema matching

The VLDB Journal — The International Journal on Very Large Data Bases
Ontology mapping: the state of the art

The Knowledge Engineering Review
Semantic-integration research in the database community

AI Magazine - Special issue on semantic integration
An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
A survey on ontology mapping

ACM SIGMOD Record
Modern natural language interfaces to databases: composing statistical parsing with semantic tractability

COLING '04 Proceedings of the 20th international conference on Computational Linguistics
English sentence structures and EER modeling

APCCM '07 Proceedings of the fourth Asia-Pacific conference on Comceptual modelling - Volume 67
Expressions of expertness: the virtuous circle of natural language for access control policy specification

Proceedings of the 4th symposium on Usable privacy and security
Requirements-based Access Control Analysis and Policy Specification (ReCAPS)

Information and Software Technology
Automation of database design through semantic analysis

CIMMACS'08 Proceedings of the 7th WSEAS international conference on Computational intelligence, man-machine systems and cybernetics
Automatic generation of probabilistic relationships for improving schema matching

Information Systems
Controlled natural languages for knowledge representation

COLING '10 Proceedings of the 23rd International Conference on Computational Linguistics: Posters
A controlled natural language interface for authoring access control policies

Proceedings of the 2011 ACM Symposium on Applied Computing
Automated extraction of security policies from natural-language software documents

Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Although software can and does implement access control at the application layer, failure to enforce data access at the data layer often allows uncontrolled data access when individuals bypass application controls. The goal of this research is to improve security and compliance by ensuring access controls rules explicitly and implicitly defined within unconstrained natural language texts are appropriately enforced within a systems relational database. Access control implemented in both the application and data layers strongly supports a defense in depth strategy. We propose a tool-based process to 1) parse existing, unaltered natural language documents; 2) classify whether or not a statement implies access control and whether or not the statement implies database design; and, as appropriate, 3) extract policy elements; 4) extract database design; 5) map data objects found in the text to a database schema; and 6) automatically generate the necessary SQL commands to enable the database to enforce access control. Our initial studies of the first three steps indicate that we can effectively identify access control sentences and extract the relevant policy elements.