Before the Web era, databases were well protected by standard access control techniques such as Views and SQL authorization commands. But with the development of web systems, the number of attacks on databases increased, and it has become clear that their access control mechanisms are inadequate for web-based systems. In particular, SQL injection and other vulnerabilities have received considerable attention in recent years, and satisfactory solutions to these kinds of attacks are still lacking. We present a new method for protecting web databases that is based on a fine-grained access control mechanism. This method uses the databases' built-in access control mechanisms, enhanced with Parameterized Views, and adapts them to work with web applications. The proposed access control mechanism is applicable to any existing database and is capable of preventing many kinds of attacks, thus significantly decreasing the attack surface of web databases.