Design and Implementation of Multilevel Secure Database in Website
Multi-tier web server systems are used in many important contexts and their security is a major cause of concern. Such systems can exploit strategies. In this paper, a model is presented based on a three-tier architecture (Client tier, Server tier and Database tier) with multilevel security applied to it. The database server tier consists of the DBMS (database management system) and the database, and we built it off-line to reduce unauthorized access to sensitive data. The Client tier, which is usually a web browser, processes and displays HTML resources, issues HTML requests and processes the responses. These web browsers are HTTP clients that interact with the Web servers using standard protocols. The Middle or application server tier contains most of the application logic. It receives inputs from the clients and interacts with the database, but only the results are sent to the application server and then to the client. This is achieved by using multilevel security to protect the database, using Authorization and Password Encryption. Authorization is done by allowing access to the proposed system's pages depending on the authorized level; passwords are encrypted using bcrypt, with fallbacks on sha-256/512 with key stretching, to protect them from cracking by any type of attack. Client-to-Application Server Protocol (CAP) uses the RC4A algorithm to provide data confidentiality, securing information transmitted from the application server to the client. Keywords: Authentication, Multi-tier model, Multi-Tier Security, Security, Data protection, Internet security
Performance study of a COTS Distributed DBMS adapted for multilevel security
Multilevel secure database management system (MLS/DBMS) products
no longer enjoy direct commercial-off-the-shelf (COTS) support.
Meanwhile, existing users of these MLS/DBMS products continue to
rely on them to satisfy their multilevel security requirements.
This calls for a new approach to developing MLS/DBMS systems, one
that relies on adapting the features of existing COTS database
products rather than depending on the traditional custom design
products to provide continuing MLS support.
We advocate fragmentation as a good basis for implementing
multilevel security in the new approach because it is well
supported in some current COTS database management systems. We
implemented a prototype that utilises the inherent advantages of
the distribution scheme in distributed databases for controlling
access to single-level fragments; this is achieved by augmenting
the distribution module of the host distributed DBMS with MLS code
such that the clearance of the user making a request is always
compared to the classification of the node containing the
fragments referenced; requests to unauthorised nodes are simply
dropped.
The prototype we implemented was used to instrument a series of
experiments to determine the relative performance of the tuple,
attribute, and element level fragmentation schemes. Our
experiments measured the impact on the front-end and the network
when various properties of each scheme, such as the number of
tuples, attributes, security levels, and the page size, were
varied for a Selection and Join query. We were particularly
interested in the relationship between performance degradation and
changes in the quantity of these properties. The performance of
each scheme was measured in terms of its response time.
The response times for the element level fragmentation scheme
increased as the numbers of tuples, attributes, security levels,
and the page size were increased, more significantly so than when
the number of tuples and attributes were increased. The response
times for the attribute level fragmentation scheme were the
fastest, suggesting that the performance of the attribute level
scheme is superior to the tuple and element level fragmentation
schemes. In the context of assurance, this research has also shown
that the distribution of fragments based on security level is a
more natural approach to implementing security in MLS/DBMS
systems, because a multilevel database is analogous to a
distributed database based on security level.
Overall, our study finds that the attribute level fragmentation
scheme demonstrates better performance than the tuple and element
level schemes. The response times (and hence the performance) of
the element level fragmentation scheme exhibited the worst
performance degradation compared to the tuple and attribute level
schemes.
Authorization and access control of application data in Workflow systems
Workflow Management Systems (WfMSs) are used to support the modeling and coordinated execution of business processes within an organization or across organizational boundaries. Although some research efforts have addressed requirements for authorization and access control for workflow systems, little attention has been paid to the requirements as they apply to application data accessed or managed by WfMSs. In this paper, we discuss key access control requirements for application data in workflow applications using examples from the healthcare domain, introduce a classification of application data used in workflow systems by analyzing their sources, and then propose a comprehensive data authorization and access control mechanism for WfMSs. This involves four aspects: role, task, process instance-based user group, and data content. For implementation, a predicate-based access control method is used. We believe that the proposed model is applicable to workflow applications and WfMSs with diverse access control requirements.
A conditional role-involved purpose-based access control model
This paper presents a role-involved conditional purpose-based access control (RCPBAC) model, where a purpose is defined as the intention of data accesses or usages. RCPBAC allows users to use some data for certain purposes with conditions. The structure of the RCPBAC model is defined and investigated. An algorithm is developed to achieve the compliance computation between access purposes (related to data access) and intended purposes (related to data objects) and is illustrated with role-based access control (RBAC) to support RCPBAC. According to this model, more information from data providers can be extracted while at the same time assuring privacy that maximizes the usability of consumers' data. It extends traditional access control models to a further coverage of privacy preservation in data mining environments, as RBAC is one of the most popular approaches to access control for achieving database security and is available in database management systems. The structure helps enterprises to circulate clear privacy promises, and to collect and manage user preferences and consent.
A practical mandatory access control model for XML databases
A practical mandatory access control (MAC) model for XML databases is presented in this paper. The
label type and label access policy can be defined according to the requirements of different applications. In order to
preserve the integrity of data in XML databases, a constraint between a read-access rule and a write-access rule in
label access policy is introduced. Rules for label assignment and propagation are presented to alleviate the workload
of label assignments. Furthermore, a solution for resolving conflicts in label assignments is proposed. Rules for
update-related operations, rules for exceptional privileges of ordinary users and the administrator are also proposed
to preserve the security of operations in XML databases. The MAC model we proposed in this study has been
implemented in an XML database. Test results demonstrated that our approach provides rational and scalable
performance.