| dc.contributor.advisor |
Dr. Annie I. Ant¨®n, Committee Member |
en_US |
| dc.contributor.advisor |
Dr.Ting Yu, Committee Chair |
en_US |
| dc.contributor.advisor |
Dr. Jaewoo Kang , Committee Member |
en_US |
| dc.contributor.author |
Gao, Luo |
en_US |
| dc.date.accessioned |
2010-04-02T18:16:06Z |
|
| dc.date.available |
2010-04-02T18:16:06Z |
|
| dc.date.issued |
2004-11-25 |
en_US |
| dc.identifier.other |
etd-08152004-232731 |
en_US |
| dc.identifier.uri |
http://www.lib.ncsu.edu/resolver/1840.16/2629 |
|
| dc.description.abstract |
Database access control is indispensable to information system security. As enterprises expand their services to the Internet, it has been widely recognized that traditional relation-level or database-level access control is no longer adequate to handle increasingly complex access control requirements in modern information systems. Instead, fine-grained access control (i.e., row-level access control) is much desired. Though several commercial database management systems support fine-grained access control, it requires security policies to be hard-coded into applications by programmers, which is a very error-prone process. It is very difficult for policy makers to verify whether an application's security requirements are correctly enforced by hard-coded policies. If they fail to detect security flaws in policy implementation, the whole information system may be at grave risk.
To help effectively verify and analyze the enforcement of fine-grained access control, in this thesis we present the design and implementation of a policy management toolkit, access control enforcement toolkit (ACET), which is able to automatically translate formal access control policies to the enforcement program of database fine-grained access control. We discuss the desirable properties of formal policy languages when used to specify database fine-grained access control. We present an automated policy translation algorithm that effectively identifies access control components in formal policies and maps them into basic database access control elements. Our initial evaluation shows that the automatically generated policy enforcement program yields comparable performance to that developed by programmers. Thus, the toolkit enables policy makers to focus more on fine-grained security policy specification, without worrying the correct and efficient enforcement of database security policies. |
en_US |
| dc.rights |
I hereby certify that, if appropriate, I have obtained and attached hereto a written permission statement from the owner(s) of each third party copyrighted matter to be included in my thesis, dissertation, or project report, allowing distribution as specified below. I certify that the version I submitted is the same as that approved by my advisory committee. I hereby grant to NC State University or its agents the non-exclusive license to archive and make accessible, under the conditions specified below, my thesis, dissertation, or project report in whole or in part in all forms of media, now or hereafter known. I retain all other ownership rights to the copyright of the thesis, dissertation or project report. I also retain the right to use in future works (such as articles or books) all or part of this thesis, dissertation, or project report. |
en_US |
| dc.subject |
fine-grained access control |
en_US |
| dc.subject |
database |
en_US |
| dc.subject |
Ponder |
en_US |
| dc.subject |
policy language translation |
en_US |
| dc.subject |
Oracle |
en_US |
| dc.title |
A Toolkit for Automated Fine-Grained Access Control Policy Enforcement in Oracle 9i |
en_US |
| dc.degree.name |
MS |
en_US |
| dc.degree.level |
thesis |
en_US |
| dc.degree.discipline |
Computer Science |
en_US |
