A Design of MAC Model Based on the Separation of Duties and Data Coloring: DSDC-MAC

Among the access control methods for database security, there is Mandatory Access Control (MAC) model in which the security level is set to both the subject and the object to enhance the security control. Legacy MAC models have focused only on one thing, either confidentiality or integrity. Thus, it can cause collisions between security policies in supporting confidentiality and integrity simultaneously. In addition, they do not provide a granular security class policy of subjects and objects in terms of subjects\u27 roles or tasks. In this paper, we present the security policy of Bell_LaPadula Model (BLP) model and Biba model as one complemented policy. In addition, Duties Separation and Data Coloring (DSDC)-MAC model applying new data coloring security method is proposed to enable granular access control from the viewpoint of Segregation of Duty (SoD). The case study demonstrated that the proposed modeling work maintains the practicality through the design of Human Resources management System. The proposed model in this study is suitable for organizations like military forces or intelligence agencies where confidential information should be carefully handled. Furthermore, this model is expected to protect systems against malicious insiders and improve the confidentiality and integrity of data

Database Security System for Applying Sophisticated Access Control via Database Firewall Server

Database security, privacy, access control, database firewall, data break masking Recently, information leakage incidents have occurred due to database security vulnerabilities. The administrators in the traditional database access control methods grant simple permissions to users for accessing database objects. Even though they tried to apply more strict permissions in recent database systems, it was difficult to properly adopt sophisticated access control policies to commercial databases due to performance degradations. This paper proposes a database security system including a database firewall server as an enhanced database access control system which can efficiently enforce sophisticated security policies to provide database with confidentiality using a data masking technique for diverse conditions such as the date, time, SQL string, and table columns to database systems

Criptografía en bases de datos en cloud computing.

The IT managers of companies who are considering migrating their systems to the cloud computing have their reservationsabout the security and reliability of cloud-based services, these are not yet fully convinced that deliver sensitive data companies or theirclients is a good idea, in this context the use of encryption systems, in particular homomorphic encryption schemes are useful, since theoperations in the cloud provider are made with the encrypted information, providing a level of reliability and safety databases fromattacks as well as internal and external in cloud computing. This paper proposes a scheme to protect the different attributes ofinformation (confidentiality, integrity and authentication), stored in a BD in the Cloud.Los responsables de informática de las empresas que están pensando migrar sus sistemas de cómputo a la nube tienensus reservas con respecto a la seguridad y la confiabilidad de los servicios basados en la nube, éstos aún no están plenamenteconvencidos de que entregar datos sensibles de las empresas o de sus clientes sea buena idea, en este contexto el uso de los sistemas decifrado, y en especial los esquemas de cifrado homomórficos son de gran utilidad, ya que las operaciones realizadas en el proveedorcloud se realizan con la información cifrada, brindando así un nivel de confiabilidad y seguridad a las bases de datos frente a posiblesataques tanto internos como externos en el cloud computing. En el presente trabajo se propone un esquema para proteger los diferentesatributos de la información (confidencialidad, integridad y autenticación) almacenada en una BD en el Cloud

A DISTRIBUTED APPROACH TO PRIVACY ON THE CLOUD

The increasing adoption of Cloud-based data processing and storage poses a number of privacy issues. Users wish to preserve full control over their sensitive data and cannot accept it to be fully accessible to an external storage provider. Previous research in this area was mostly addressed at techniques to protect data stored on untrusted database servers; however, I argue that the Cloud architecture presents a number of specific problems and issues. This dissertation contains a detailed analysis of open issues. To handle them, I present a novel approach where confidential data is stored in a highly distributed partitioned database, partly located on the Cloud and partly on the clients. In my approach, data can be either private or shared; the latter is shared in a secure manner by means of simple grant-and-revoke permissions. I have developed a proof-of-concept implementation using an in\u2011memory RDBMS with row-level data encryption in order to achieve fine-grained data access control. This type of approach is rarely adopted in conventional outsourced RDBMSs because it requires several complex steps. Benchmarks of my proof-of-concept implementation show that my approach overcomes most of the problems

Managing Inventory: A Study of Databases and Database Management Systems

Databases play an important role in the storage and manipulation of data. Databases and database management systems allow for fast and efficient data querying that has recently become increasingly important in most companies and organizations. This paper introduces a few of the different types of database management systems that are in widespread use today. It introduces some important terminology related to databases and database management systems. This paper also briefly discusses web user interfaces, highlighting important user interface design principles. Finally, an inventory management system is implemented for a local stationery store and is integrated with a web application to serve as the front end

Steganographic database management system

Master'sMASTER OF SCIENC

Privacy in context : the costs and benefits of a new deidentification method

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.Includes bibliographical references (leaves 131-150).The American public continues to be concerned about medical privacy. Policy research continues to show people's demand for health organizations to protect patient-specific data. Health organizations need personally identifiable data for unhampered decision making; however, identifiable data are often the basis of information abuse if such data are improperly disclosed. This thesis shows that health organizations may use deidentified data for key routine organizational operations. I construct a technology adoption model and investigate if a for-profit health insurer could use deidentified data for key internal software quality management applications. If privacy-related data are analyzed without rigor, little support is found to incorporate more privacy protections into such applications. Legal and financial motivations appear lacking. Adding privacy safeguards to such software programs apparently doesn't improve policy-holder care quality. Existing technical approaches do not readily allow for data deidentification while permitting key computations within the applications. A closer analysis of data reaches different conclusions. I describe the bills that are currently passing through Congress to mitigate abuses of identifiable data that exist within organizations.(cont.) I create a cost and medical benefits model demonstrating the financial losses to the insurer and medical losses to its policy-holders due to less privacy protection within the routine software applications. One of the model components describes the Predictive Modeling application (PMA), used to identify an insurer's chronically-ill policy-holders. Disease management programs can enhance the care and reduce the costs of such individuals because improving such people's health can reduce costs to the paying organization. The model quantifies the decrease in care and rise in the insurer's claim costs as the PMA must work with suboptimal data due to policy-holders' privacy concerns regarding the routine software applications. I create a model for selecting variables to improve data linkage in software applications in general. An encryption-based approach, which allows for the secure linkage of records despite errors in linkage variables, is subsequently constructed. I test this approach as part of a general data deidentification method on an actual PMA used by health insurers. The PMA's performance is found to be the same as if executing on identifiable data.by Stanley Trepetin.Ph.D