Database Security-Concepts, Approaches, and Challenges
January-March 2005 (vol. 2 no. 1)
pp. 2-19
As organizations increase their reliance on possibly distributed information systems for daily business, they become more vulnerable to security breaches even as they gain productivity and efficiency advantages. Though a number of techniques, such as encryption and electronic signatures, are currently available to protect data when transmitted across sites, a truly comprehensive approach for data protection must also include mechanisms for enforcing access control policies based on data contents, subject qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the semantics of data must be taken into account in order to specify effective access control policies. Also, techniques for data integrity and availability specifically tailored to database systems must be adopted. In this respect, over the years the database security community has developed a number of different techniques and approaches to assure data confidentiality, integrity, and availability. However, despite such advances, the database security area faces several new challenges. Factors such as the evolution of security concerns, the "disintermediation" of access to data, and new computing paradigms and applications, such as grid-based computing and on-demand business, have introduced both new security requirements and new contexts in which to apply and possibly extend current approaches. In this paper, we first survey the most relevant concepts underlying the notion of database security and summarize the most well-known techniques. We focus on access control systems, to which a large body of research has been devoted, and describe the key access control models, namely, the discretionary and mandatory access control models, and the role-based access control (RBAC) model. We also discuss security for advanced data management systems, and cover topics such as access control for XML. We then discuss current challenges for database security and some preliminary approaches that address some of these challenges.

Index Terms:
Data confidentiality, data privacy, relational and object databases, XML.
Citation:
Elisa Bertino, Ravi Sandhu, "Database Security-Concepts, Approaches, and Challenges," IEEE Transactions on Dependable and Secure Computing, vol. 2, no. 1, pp. 2-19, Jan.-March 2005, doi:10.1109/TDSC.2005.9