A practical mandatory access control model for XML databases

A practical mandatory access control (MAC) model for XML databases is presented in this paper. The label type and label access policy can be defined according to the requirements of different applications. In order to preserve the integrity of data in XML databases, a constraint between a read-access rule and a write-access rule in label access policy is introduced. Rules for label assignment and propagation are presented to alleviate the workload of label assignments. Furthermore, a solution for resolving conflicts in label assignments is proposed. Rules for update-related operations, rules for exceptional privileges of ordinary users and the administrator are also proposed to preserve the security of operations in XML databases. The MAC model, we proposed in this study, has been implemented in an XML database. Test results demonstrated that our approach provides rational and scalable performance

Strong and Provably Secure Database Access Control

Existing SQL access control mechanisms are extremely limited. Attackers can leak information and escalate their privileges using advanced database features such as views, triggers, and integrity constraints. This is not merely a problem of vendors lagging behind the state-of-the-art. The theoretical foundations for database security lack adequate security definitions and a realistic attacker model, both of which are needed to evaluate the security of modern databases. We address these issues and present a provably secure access control mechanism that prevents attacks that defeat popular SQL database systems.Comment: A short version of this paper has been published in the proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P 2016

A Taxonomy of Data Grids for Distributed Data Sharing, Management and Processing

Data Grids have been adopted as the platform for scientific communities that need to share, access, transport, process and manage large data collections distributed worldwide. They combine high-end computing technologies with high-performance networking and wide-area storage management techniques. In this paper, we discuss the key concepts behind Data Grids and compare them with other data sharing and distribution paradigms such as content delivery networks, peer-to-peer networks and distributed databases. We then provide comprehensive taxonomies that cover various aspects of architecture, data transportation, data replication and resource allocation and scheduling. Finally, we map the proposed taxonomy to various Data Grid systems not only to validate the taxonomy but also to identify areas for future exploration. Through this taxonomy, we aim to categorise existing systems to better understand their goals and their methodology. This would help evaluate their applicability for solving similar problems. This taxonomy also provides a "gap analysis" of this area through which researchers can potentially identify new issues for investigation. Finally, we hope that the proposed taxonomy and mapping also helps to provide an easy way for new practitioners to understand this complex area of research.Comment: 46 pages, 16 figures, Technical Repor

MICSIM : Concept, Developments and Applications of a PC-Microsimulation Model for Research and Teaching

It is the growing societal interest about the individual and its behaviour in our and 'modern' societies which is asking for microanalyses about the individual situation. In order to allow these microanalyses on a quantitative and empirically based level microsimulation models were developed and increasingly used for economic and social policy impact analyses. Though microsimulation is known and applied (mainly by experts), an easy to use and powerful PC microsimulation model is hard to find. The overall aim of this study and of MICSIM - A PC Microsimulation Model is to describe and offer such a user-friendly and powerful general microsimulation model for (almost) any PC, to support the impact microanalyses both in applied research and teaching. Above all, MICSIM is a general microdata handler for a wide range of typical microanalysis requirements. This paper presents the concept, developments and applications of MICSIM. After some brief remarks on microsimulation characteristics in general, the concept and substantive domains of MICSIM: the simulation, the adjustment and aging, and the evaluation of microdata, are described by its mode of operation in principle. The realisations and developments of MICSIM then are portrayed by the different versions of the computer program. Some MICSIM applications and experiences in research and teaching are following with concluding remarks.Economic and Social Policy Analyses, Microsimulation (dynamic and static), Simulation, Adjustment and Evaluation of Microdata, PC Computer Program for Microanalyses in General