TY - GEN
T1 - A medical database case study for reflective database access control
AU - Olson, Lars E.
AU - Gunter, Carl A.
AU - Olson, Sarah Peterson
N1 - Copyright: Copyright 2010 Elsevier B.V., All rights reserved.
PY - 2009
Y1 - 2009
N2 - Reflective Database Access Control (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege in an access control matrix. RDBAC aids the management of database access controls by improving the expressiveness of policies, enabling enforcement at the database level rather than at the application level. This in turn facilitates the creation of new applications without the need for duplicating security enforcement in each application. Past work has proposed the use of the Transaction Datalog (TD) language as a theoretical basis for RDBAC. We present a case study for a medical database using TD. This case study includes a wide range of access patterns for which RDBAC provides a simple method for formulating policies, demonstrating the flexibility of RDBAC as well as the practicality and scalability of using such a system in real-world applications that require non-trivial policy definitions on large data sets.
KW - Case study
KW - Medical database
KW - Reflective database access control
UR - http://www.scopus.com/inward/record.url?scp=74249099757&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=74249099757&partnerID=8YFLogxK
U2 - 10.1145/1655084.1655091
DO - 10.1145/1655084.1655091
M3 - Conference contribution
AN - SCOPUS:74249099757
SN - 9781605587905
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 41
EP - 51
BT - Proceedings of the 1st ACM Workshop on Security and Privacy in Medical and Home-Care Systems, SPIMACS '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
T2 - 1st ACM Workshop on Security and Privacy in Medical and Home-Care Systems, SPIMACS '09, Co-located with the 16th ACM Computer and Communications Security Conference, CCS'09
Y2 - 9 November 2009 through 13 November 2009
ER -