Front. Inform. Technol. Electron. Eng.  2010, Vol. 11 Issue (8): 575-586    DOI: 10.1631/jzus.C0910466
    
A fine-grained access control model for relational databases
Jie Shi, Hong Zhu*
College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China

Abstract  Fine-grained access control (FGAC) must be supported by relational databases to satisfy the requirements of privacy preserving and Internet-based applications. Though much work on FGAC models has been conducted, there are still a number of ongoing problems. We propose a new FGAC model which supports the specification of open access control policies as well as closed access control policies in relational databases. The negative authorization is supported, which allows the security administrator to specify what data should not be accessed by certain users. Moreover, multiple policies defined to regulate user access together are also supported. The definition and combination algorithm of multiple policies are thus provided. Finally, we implement the proposed FGAC model as a component of the database management system (DBMS) and evaluate its performance. The performance results show that the proposed model is feasible.

Key words: Fine-grained access control, Database security, Prohibition, Multiple policies
Received: 29 July 2009      Published: 02 August 2010
CLC:  TP309  
Fund:  Project (No. 2006AA01Z430) supported by the National High-Tech Research and Development Program (863) of China
Cite this article:

Jie Shi, Hong Zhu. A fine-grained access control model for relational databases. Front. Inform. Technol. Electron. Eng., 2010, 11(8): 575-586.

URL:

http://www.zjujournals.com/xueshu/fitee/10.1631/jzus.C0910466     OR     http://www.zjujournals.com/xueshu/fitee/Y2010/V11/I8/575

