Draft paper

profiledeweese3
DeWeese_Outline_ISSC290.docx

Securing Databases

Cristian DeWeese

Dr. Broman

03/19/2023

Title

Authorization and Access Control in Database Security

Introduction

One of the most essential aspects of information security is database security. It has some important features like Privacy, Transparency, Data Integrity and Authorization and Access control. In this paper, selected topic is to discuss the main focus areas of authorization and access control. Authorization provides the security of access and restrict the unauthorized access to sensitive information or data. Authorization and Access Control is the main focus area of this paper and some important features like role and responsibility, Authorization models, Access control techniques and challenges and future research directions would be discussed in the paper.

References:

Sandhu, R., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996). Role-based access control models. IEEE Computer, 29(2), 38-47.

This paper provides an in-depth analysis of role-based access control (RBAC) models, which are widely used in database security. The authors discuss the different components of RBAC models, including roles, permissions, and users, and how they work together to ensure proper access control.

Bertino, E., & Ferrari, E. (2012). Authorization models and technologies for advanced database applications. ACM Computing Surveys (CSUR), 44(1), 1-70.

This article provides a comprehensive survey of authorization models and technologies used in advanced database applications. The authors discuss the different types of authorization models, including discretionary, mandatory, and role-based models, and provide an overview of the various access control techniques used in database security.

Park, J. S., Sandhu, R. S., & You, I. (2004). A flexible authorization framework for relational database systems. ACM Transactions on Database Systems (TODS), 29(1), 91-132.

This paper proposes a flexible authorization framework for relational database systems that supports RBAC and attribute-based access control (ABAC) models. The authors provide an in-depth analysis of the proposed framework and evaluate its effectiveness in preventing unauthorized access to sensitive data.

Conclusion

Authorization and access control are essential components of database security that play a critical role in protecting sensitive data from unauthorized access. The use of RBAC models and access control techniques such as ABAC can significantly enhance the security of database systems. This paper has provided an overview of the different types of authorization models and access control techniques used in database security, highlighting their importance in ensuring proper access control.

Outline

I. Introduction

A. Importance of database security

B. Authorization and access control in database security

C. Overview of the paper

II. Background and Literature Review

A. Overview of database security

B. Role of authorization and access control in database security

C. Existing literature on authorization and access control in database security

III. Authorization Models

A. Discretionary Access Control (DAC)

B. Mandatory Access Control (MAC)

C. Role-Based Access Control (RBAC)

D. Attribute-Based Access Control (ABAC)

E. Comparison of different authorization models

IV. Access Control Techniques

A. Identification and Authentication

B. Password Policies

C. User Management

D. Privilege Management

E. Auditing and Logging

F. Encryption

G. Comparison of different access control techniques

V. Role-Based Access Control (RBAC) Models

A. Components of RBAC models

B. Implementation of RBAC models

C. Advantages and disadvantages of RBAC models

D. Use cases of RBAC models

VI. Attribute-Based Access Control (ABAC) Models

A. Components of ABAC models

B. Implementation of ABAC models

C. Advantages and disadvantages of ABAC models

D. Use cases of ABAC models

VII. Flexible Authorization Frameworks

A. Role-Based and Attribute-Based Access Control

B. Evaluation of Flexible Authorization Frameworks

C. Advantages and disadvantages of flexible authorization frameworks

VIII. Challenges and Future Research Directions

A. Current challenges in authorization and access control in database security

B. Future research directions in authorization and access control in database security

IX. Conclusion

A. Summary of key points

B. Importance of authorization and access control in database security

C. Future research directions.