An Access Control Model for Web Databases

Abstract: The majority of today's web-based applications rely on back-end databases to process and store business information. Because they contain valuable business information, these systems are highly attractive to attackers, and special care must be taken to protect them from malicious access. In this paper, we propose RBAC+, an extension of the NIST RBAC (Role-Based Access Control) standard with the notions of application, application profile and sub-application session, in order to distinguish end users that execute the same application, provide them with only the roles they need, and monitor them continuously throughout a whole session. The model is based on business application logic rather than primitive reads and writes, which enhances the ability to detect malicious transactions. Hence, attacks caused by malicious transactions can be detected and canceled in time, before they succeed.
Document type:
Book chapter
Sara Foresti; Sushil Jajodia. Data and Applications Security and Privacy XXIV, 6166, Springer, pp.287-294, 2010, Lecture Notes in Computer Science, 978-3-642-13738-9. <10.1007/978-3-642-13739-6_19>

https://hal.inria.fr/hal-01056682
Contributor: Hal Ifip
Submitted on: Wednesday, August 20, 2014 - 13:30:30
Last modified on: Tuesday, August 26, 2014 - 10:10:26
Document(s) archived on: Thursday, November 27, 2014 - 11:47:06

File

_59.pdf
Files produced by the author(s)

Citation

Ahlem Bouchahda-Ben Tekaya, Nhan Thanh, Adel Bouhoula, Faten Labbene-Ayachi. An Access Control Model for Web Databases. Sara Foresti; Sushil Jajodia. Data and Applications Security and Privacy XXIV, 6166, Springer, pp.287-294, 2010, Lecture Notes in Computer Science, 978-3-642-13738-9. <10.1007/978-3-642-13739-6_19>. <hal-01056682>
