A Toolkit for Automated Fine-Grained Access Control Policy Enforcement in Oracle 9i

Show simple item record

dc.contributor.advisor Dr. Annie I. Ant¨®n, Committee Member en_US
dc.contributor.advisor Dr.Ting Yu, Committee Chair en_US
dc.contributor.advisor Dr. Jaewoo Kang , Committee Member en_US
dc.contributor.author Gao, Luo en_US
dc.date.accessioned 2010-04-02T18:16:06Z
dc.date.available 2010-04-02T18:16:06Z
dc.date.issued 2004-11-25 en_US
dc.identifier.other etd-08152004-232731 en_US
dc.identifier.uri http://www.lib.ncsu.edu/resolver/1840.16/2629
dc.description.abstract Database access control is indispensable to information system security. As enterprises expand their services to the Internet, it has been widely recognized that traditional relation-level or database-level access control is no longer adequate to handle increasingly complex access control requirements in modern information systems. Instead, fine-grained access control (i.e., row-level access control) is much desired. Though several commercial database management systems support fine-grained access control, it requires security policies to be hard-coded into applications by programmers, which is a very error-prone process. It is very difficult for policy makers to verify whether an application's security requirements are correctly enforced by hard-coded policies. If they fail to detect security flaws in policy implementation, the whole information system may be at grave risk. To help effectively verify and analyze the enforcement of fine-grained access control, in this thesis we present the design and implementation of a policy management toolkit, access control enforcement toolkit (ACET), which is able to automatically translate formal access control policies to the enforcement program of database fine-grained access control. We discuss the desirable properties of formal policy languages when used to specify database fine-grained access control. We present an automated policy translation algorithm that effectively identifies access control components in formal policies and maps them into basic database access control elements. Our initial evaluation shows that the automatically generated policy enforcement program yields comparable performance to that developed by programmers. Thus, the toolkit enables policy makers to focus more on fine-grained security policy specification, without worrying the correct and efficient enforcement of database security policies. en_US
dc.rights I hereby certify that, if appropriate, I have obtained and attached hereto a written permission statement from the owner(s) of each third party copyrighted matter to be included in my thesis, dissertation, or project report, allowing distribution as specified below. I certify that the version I submitted is the same as that approved by my advisory committee. I hereby grant to NC State University or its agents the non-exclusive license to archive and make accessible, under the conditions specified below, my thesis, dissertation, or project report in whole or in part in all forms of media, now or hereafter known. I retain all other ownership rights to the copyright of the thesis, dissertation or project report. I also retain the right to use in future works (such as articles or books) all or part of this thesis, dissertation, or project report. en_US
dc.subject fine-grained access control en_US
dc.subject database en_US
dc.subject Ponder en_US
dc.subject policy language translation en_US
dc.subject Oracle en_US
dc.title A Toolkit for Automated Fine-Grained Access Control Policy Enforcement in Oracle 9i en_US
dc.degree.name MS en_US
dc.degree.level thesis en_US
dc.degree.discipline Computer Science en_US


Files in this item

Files Size Format View
etd.pdf 266.1Kb PDF View/Open

This item appears in the following Collection(s)

Show simple item record