Conference paper, Year: 2010

An Access Control Model for Web Databases

Abstract

The majority of today's web-based applications rely on back-end databases to process and store business information. Because they contain valuable business information, these systems are highly attractive to attackers, and special care must be taken to protect them from malicious access. In this paper, we propose RBAC+, an extension of the NIST RBAC (Role-Based Access Control) standard with the notions of application, application profile and sub-application session. These notions distinguish end users that execute the same application, provide them with only the roles they need, and continuously monitor them throughout a whole session. The model is based on business application logic rather than primitive reads and writes, which enhances the ability to detect malicious transactions. Hence, attacks caused by malicious transactions can be detected and canceled in time, before they succeed.
Origin: files produced by the author(s)

Dates and versions

hal-01056682, version 1 (20-08-2014)

License

Attribution

Cite

Ahlem Bouchahda-Ben Tekaya, Nhan Thanh, Adel Bouhoula, Faten Labbene-Ayachi. An Access Control Model for Web Databases. 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSEC), Jun 2010, Rome, Italy. pp.287-294, ⟨10.1007/978-3-642-13739-6_19⟩. ⟨hal-01056682⟩