Skip to main content
SpringerLink
Log in
Book cover

International Conference on Database and Expert Systems Applications

DEXA 2013: Database and Expert Systems Applications pp 442–449Cite as

Reverse Engineering of Database Security Policies

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNISA,volume 8056)

Abstract

Security is a critical concern for any database. Therefore, database systems provide a wide range of mechanisms to enforce security constraints. These mechanisms can be used to implement part of the security policies requested of an organization. Nevertheless, security requirements are not static, and thus, implemented policies must be changed and reviewed. As a first step, this requires to discover the actual security constraints being enforced by the database and to represent them at an appropriate abstraction level to enable their understanding and reenginering by security experts. Unfortunately, despite the existence of a number of techniques for database reverse engineering, security aspects are ignored during the process. This paper aims to cover this gap by presenting a security metamodel and reverse engineering process that helps security experts to visualize and manipulate security policies in a vendor-independent manner.

Keywords

  • Access Control
  • Security Policy
  • Reverse Engineering
  • Security Model
  • Access Control Policy

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Astrova, I.: Towards the semantic web - an approach to reverse engineering of relational databases to ontologies. In: ADBIS Research Communications. CEUR Workshop Proceedings, vol. 152 (2005), CEUR-WS.org

  2. Barker, S., Douglas, P.: RBAC policy implementation for SQL databases. In: DBSec, pp. 288–301 (2003)

    Google Scholar 

  3. Basin, D., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Trans. Softw. Eng. Methodol. 15, 39–91 (2006)

    CrossRef  Google Scholar 

  4. Chiang, R.H.L., Barron, T.M., Storey, V.C.: Reverse engineering of relational databases: extraction of an EER model from a relational database. Data Knowl. Eng. 12, 107–142 (1994)

    CrossRef  Google Scholar 

  5. Jürjens, J.: UMLsec: Extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)

    CrossRef  Google Scholar 

  6. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-based modeling language for model-driven security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)

    CrossRef  Google Scholar 

  7. Iuc Hainaut, J., Chandelon, M., Ch, M., Tonneau, C., Joris, M.: Contribution to a theory of database reverse engineering. In: Proc. of the IEEE Working Conf. on Reverse Engineering, pp. 161–170. IEEE Computer Society (1993)

    Google Scholar 

  8. Oh, S., Park, S.: Enterprise model as a basis of administration on role-based access control. In: CODAS 2001, pp. 165–174 (2001)

    Google Scholar 

  9. Petit, J.-M., Kouloumdjian, J., Boulicaut, J.-F., Toumani, F.: Using queries to improve database reverse engineering. In: Loucopoulos, P. (ed.) ER 1994. LNCS, vol. 881, pp. 369–386. Springer, Heidelberg (1994)

    CrossRef  Google Scholar 

  10. Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST model for role-based access control: towards a unified standard. In: Proceedings of the Fifth ACM Workshop on Role-Based Access Control, RBAC 2000, pp. 47–63. ACM (2000)

    Google Scholar 

  11. Shehab, M., Al-Haj, S., Bhagurkar, S., Al-Shaer, E.: Anomaly discovery and resolution in mySQL access control policies. In: Liddle, S.W., Schewe, K.-D., Tjoa, A.M., Zhou, X. (eds.) DEXA 2012, Part II. LNCS, vol. 7447, pp. 514–522. Springer, Heidelberg (2012)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. ATLANMOD, & École des Mines de Nantes, INRIA, LINA, Nantes, France

    Salvador Martínez, Valerio Cosentino & Jordi Cabot

  2. Télécom Bretagne, Université Européenne de Bretagne, Cesson Sévigné, France

    Frédéric Cuppens

Authors
  1. Salvador Martínez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Valerio Cosentino
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jordi Cabot
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Frédéric Cuppens
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Instituto Tecnológico de Informática, Valencia, Spain

    Hendrik Decker

  2. Faculty of Electrical Engineering, Department of Cybernetics, Czech Technical University in Prague, 166 27, Prague 6, Czech Republic

    Lenka Lhotská

  3. Department of Computer Science, The University of Auckland, 1010, Auckland, New Zealand

    Sebastian Link

  4. Department of Information Technologies, University of Economics, Winston Churchill Square 4, 130 67, Prague 3, Czech Republic

    Josef Basl

  5. Institute of Software Technology, Vienna University of Technology, Favoritenstraße 9-11 / 188, 1040, Vienna, Austria

    A Min Tjoa

Rights and permissions

Reprints and Permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Martínez, S., Cosentino, V., Cabot, J., Cuppens, F. (2013). Reverse Engineering of Database Security Policies. In: Decker, H., Lhotská, L., Link, S., Basl, J., Tjoa, A.M. (eds) Database and Expert Systems Applications. DEXA 2013. Lecture Notes in Computer Science, vol 8056. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40173-2_37

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-40173-2_37

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40172-5

  • Online ISBN: 978-3-642-40173-2

  • eBook Packages: Computer ScienceComputer Science (R0)

search

Navigation