DOI: 10.1145/3631991.3632027
Research article

SPBAC: A Semantic Policy-based Access Control for Database Query

Published: 26 December 2023

Abstract

Access control is an essential safeguard for the security of enterprise data: it controls users' access to information resources and ensures their confidentiality and integrity [1]. Research shows that the access control models in common use today have shortcomings [2]. To improve on existing access control, we studied current technologies in the field of data security, investigated previous data access control policies and their problems, identified the existing deficiencies, and propose a new extension structure, SPBAC. The SPBAC extension proposed in this paper combines Policy-Based Access Control (PBAC) with semantics: by establishing associations between enterprise data through semantics, it provides logically connected, real-time data access. Our design combines policies with linked data through semantics to create a "Semantic link", so that access control is no longer applied per database; instead, an instance policy determines what access the users in each role should be granted. The SPBAC implementation is further refined by constructing policies and defining attributes through the XACML specification, as an extension of the original XACML model. Alongside the design, this paper aims to study the feasibility and subsequent implementation of the related work at a later stage.
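
The following is an added illustration of the idea in the abstract, not the paper's own code: a small XACML-style policy evaluator in which a rule's grant propagates along declared semantic links between records held in different databases, so a role's instance policy reaches linked data instead of being scoped to one database. The databases, records, links and policy rules are constructed sample values; the deny-overrides combining rule is the standard XACML one.

```python
from dataclasses import dataclass

# Constructed sample data: records in three separate databases, identified as
# "db/table/key", with the semantic links between them (order placed by a
# customer, customer handled by an employee). Assumed, not from the paper.
SEMANTIC_LINKS = {
    "sales/orders/1001": {"crm/customers/42"},
    "crm/customers/42": {"hr/employees/7"},
}

@dataclass
class Rule:
    """XACML-style rule: a target (role, action, resource type) and an effect.
    follow_links says how many semantic hops the grant may propagate along."""
    role: str
    action: str
    resource_type: str       # "db/table"
    follow_links: int = 0
    effect: str = "Permit"   # "Permit" or "Deny"

# Constructed instance policy for the sample data.
POLICY = [
    Rule("analyst", "read", "sales/orders", follow_links=1),
    Rule("analyst", "read", "hr/employees", effect="Deny"),
    Rule("admin", "read", "sales/orders", follow_links=2),
]

def all_instances():
    return set(SEMANTIC_LINKS) | set().union(*SEMANTIC_LINKS.values())

def reachable(start, hops):
    """Instances reachable from start within the given number of semantic hops."""
    seen, frontier = {start}, {start}
    for _ in range(hops):
        frontier = {n for f in frontier for n in SEMANTIC_LINKS.get(f, set())} - seen
        seen |= frontier
    return seen

def governed(rule):
    """Every instance a rule covers: its own type plus linked instances in reach."""
    out = set()
    for inst in all_instances():
        if inst.startswith(rule.resource_type + "/"):
            out |= reachable(inst, rule.follow_links)
    return out

def decide(role, action, resource):
    """Deny-overrides combining, as in XACML: any applicable Deny wins."""
    effects = [r.effect for r in POLICY
               if r.role == role and r.action == action and resource in governed(r)]
    if "Deny" in effects:
        return "Deny"
    return "Permit" if "Permit" in effects else "NotApplicable"
```

An analyst's read grant on orders reaches the linked customer record in the CRM database but stops before the HR record, which the explicit Deny rule blocks regardless of links.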

References

[1] Wikipedia, Access control (Mar 2019).
[2] URL https://en.wikipedia.org/wiki/Access_control
[3] M. Pistoia, S. J. Fink, R. J. Flynn, E. Yahav, When role models have flaws: Static validation of enterprise security policies, 29th International Conference on Software Engineering (ICSE '07).
[4] D. Ferraiolo, R. Kuhn, Role-based access controls, Nist.gov (1992) 554–563.
[5] URL https://csrc.nist.gov/publications/detail/conference-paper/1992/10/13/role-based-access-controls
[6] R. Sandhu, D. Ferraiolo, R. Kuhn, The NIST model for role-based access control, Proceedings of the fifth ACM workshop on Role-based access control, RBAC '00. doi:10.1145/344287.344301.
[7] CSRC, Role based access control | CSRC (2012).
[8] URL https://csrc.nist.gov/projects/role-based-access-control
[9] J. Deng, L. Zhao, X. Yuan, Z. Tang, Q. Guo, Research on the role-based access control model and data security method, Communications in Computer and Information Science (2021) 86–96. doi:10.1007/978-981-16-3150-4_8.
[10] VanMSFT, Dynamic data masking - SQL Server (2022).
[11] URL https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking?view=sql-server-ver16
[12] Klaus, Information flow based security control beyond RBAC: how to enable fine-grained security policy enforcement in business processes beyond limitations of role-based access control (RBAC), Springer Vieweg, 2012.
[13] A. Elliott, S. Knight, Towards managed role explosion, in: Proceedings of the 2015 New Security Paradigms Workshop, NSPW '15, Association for Computing Machinery, New York, NY, USA, 2015, pp. 100–111.

Published In

WSSE '23: Proceedings of the 2023 5th World Symposium on Software Engineering
September 2023
352 pages
ISBN:9798400708053
DOI:10.1145/3631991

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Access Control
  2. Access control Model
  3. Instance Policy
  4. Semantic Policy-based Access Control
  5. Semantic link
  6. XACML

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

WSSE 2023
