Database Access Control in a Database Keyword Search Tool
Abstract
This paper addresses the access control problem in the context of database keyword search, where a user defines a query by a list of keywords rather than by SQL (or SPARQL) code. It describes the solutions implemented in DANKE, a database keyword search platform currently used in several industrial applications. DANKE offers two alternatives for managing access control: given a keyword query K and the user permissions P, either compile K into the same structured query and filter the results based on P, or compile K into different structured queries, depending on P. Likewise, DANKE has two alternatives for defining the user permissions: using the features of the database management system, or using an internal mechanism.