Title: IMPLEMENTING FLEXIBLE AND EFFICIENT AUTHORIZATION BUSINESS RULES IN INFORMATION SYSTEMS
Author(s): Sergio Puntar, Leonardo Guerreiro Azevedo, Fernanda Baião, Claudia Cappelli
ISBN: 978-989-8533-06-7
Editors: Hans Weghorn, Leonardo Azevedo and Pedro Isaías
Year: 2011
Edition: Single
Keywords: Information security, business rules, role-based access control, Virtual Private Database, TPC-H.
Type: Full Paper
First Page: 331
Last Page: 338
Language: English
Paper Abstract:
Information security is a major concern for any IT environment, and one of its key issues is data confidentiality, which means ensuring that secure data is not made available or disclosed to unauthorized entities. An authorization rule is a special type of business rule, and it is a key concept for addressing data confidentiality, since it specifies who may execute which actions over which piece of information within the enterprise. However, as the complexity of IT environments in enterprises increases and several data sources become available and accessible, it is essential that authorization rules be dynamically defined and controlled, in an integrated manner, as with any business rules management initiative. This paper proposes FARBAC, a flexible and efficient approach for executing authorization rules that dynamically guarantees data confidentiality during all accesses to the data stored in a repository. In particular, the proposal was implemented on top of the Oracle DBMS using its VPD feature. Experimental tests on top of the TPC-H benchmark environment were executed, and the results demonstrated the efficiency and effectiveness of our approach.