DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.48
Pietro Colombo , UniversitÓ degli Studi dell'Insubria, Varese
Elena Ferrari , UniversitÓ degli Studi dell'Insubria, Varese
Within Database Management Systems (DBMS), privacy policies regulates the collection, access and disclosure of the stored personal, identifiable and sensitive data. Policies often specify obligations which represent actions that must be executed or conditions that must be satisfied before and/or after data are accessed. Although numerous policies specification languages allows the specification, no systematic support is provided to enforce obligations within relational DBMS. In this paper we make a step to fill this void presenting an approach to the definition of an enforcement monitor which handles privacy policies that include obligations. Such a monitor is derived from the same set of prolicies that must be enforced, and regulates the execution of SQL code based on the satisfaction of a variety of obligation types. The proposed solution is systematic, has been automated, does not require any programming activity and can be used with most of the existing relational DBMSs.
Relational databases, Security, integrity, and protection
P. Colombo and E. Ferrari, "Enforcing Obligations within Relational Database Management Systems," in IEEE Transactions on Dependable and Secure Computing.