Design for dynamic user-role-based security

Imtiaz Mohammed, David M. Dilts

Research output: Contribution to journal › Article

17 Scopus citations

Abstract

Preventing the disclosure, modification or destruction of information in a database has been the subject of considerable recent research (see, for example, [1-3]). While mandatory access control (MAC) assigns security clearance levels (e.g. top secret, secret) to all data for access control, discretionary access control (DAC) assigns privileges to users tailored to their responsibilities within an application. Both of these mechanisms have the fundamental limitation that they are unable to deal with the changing roles of a user (based on the occurrence of an event) within an application. As a result, user-role-based security (URBS) has been proposed [4, 5]. This paper demonstrates how URBS can be used to augment the existing security mechanisms. First, the URBS concept, originally proposed for the object-oriented model, is extended to the relational model. Second, the extended model is augmented with the capability to respond to dynamic events. Finally, an integrated method is presented for the design of a dynamic, user-role-based security system.

Original language: English (US)
Pages (from-to): 661-671
Number of pages: 11
Journal: Computers and Security
Volume: 13
Issue number: 8
State: Published - 1994

Keywords

  • Access control
  • Active database security
  • User-role-based security

ASJC Scopus subject areas

  • Computer Science(all)
  • Law
