IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2012: Data and Applications Security and Privacy XXVI pp 207–222Cite as

From MDM to DB2: A Case Study of Security Enforcement Migration

Nikolay Yakovets, Jarek Gryz, Stephanie Hazlewood & Paul van Run

Part of the Lecture Notes in Computer Science book series (LNISA,volume 7371)

Abstract

This work presents a case study of migrating attribute-based access control enforcement from the application tier to the database tier. The migration aims to improve the security and simplify the audit of the enterprise system by enforcing the information protection principles of least privilege and least common mechanism. We explore the challenges of such a migration and implement it in an industrial setting, in the context of master data management, where data security, privacy and audit are subject to regulatory compliance. Based on our implementation, we propose a general, standards-driven migration methodology.

Keywords

  • Master Data Management
  • Enterprise Security
  • Attribute-Based Access Control
  • Database Security
  • XACML
  • DB2



Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, York University, Canada

    Nikolay Yakovets & Jarek Gryz

  2. Centre for Advanced Studies, IBM Canada, Canada

    Nikolay Yakovets & Jarek Gryz

  3. IBM Canada, Canada

    Stephanie Hazlewood & Paul van Run


Editor information

Editors and Affiliations

  1. Télécom Bretagne, Campus de Rennes 2, rue de la Châtaigneraie, 35512, Cesson Sévigné Cedex, France

    Nora Cuppens-Boulahia, Frédéric Cuppens & Joaquin Garcia-Alfaro

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Yakovets, N., Gryz, J., Hazlewood, S., van Run, P. (2012). From MDM to DB2: A Case Study of Security Enforcement Migration. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds) Data and Applications Security and Privacy XXVI. DBSec 2012. Lecture Notes in Computer Science, vol 7371. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31540-4_16

  • DOI: https://doi.org/10.1007/978-3-642-31540-4_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31539-8

  • Online ISBN: 978-3-642-31540-4
