Database Access Control in a Database Keyword Search Tool

  • Grettel Monteagudo Garcia Pontifícia Universidade Católica do Rio de Janeiro (PUC-Rio)
  • Javier Guillot Jiménez Pontifícia Universidade Católica do Rio de Janeiro (PUC-Rio) https://orcid.org/0000-0003-3723-3353
  • Angelo Batista Neves Júnior Pontifícia Universidade Católica do Rio de Janeiro (PUC-Rio) https://orcid.org/0000-0001-8043-1510
  • Yenier Torres Izquierdo Pontifícia Universidade Católica do Rio de Janeiro (PUC-Rio) https://orcid.org/0000-0003-0971-8572
  • Melissa Lemos Pontifícia Universidade Católica do Rio de Janeiro (PUC-Rio)
  • Marco A. Casanova Pontifícia Universidade Católica do Rio de Janeiro (PUC-Rio)
  • Ana Cristina Ferreira Petrobras
  • Flavia Pacheco Texeira da Silva Petrobras

Abstract


This paper addresses the access control problem in the context of database keyword search, when a user defines a query by a list of keywords, and not by SQL (or SPARQL) code. It describes the solutions implemented in DANKE, a database keyword search platform currently used in several industrial applications. DANKE offers two alternatives for managing access control: given a keyword query K and the user permissions P, either compile K into the same structured query and filter the results based on P, or compile K into different structured queries, depending on P. Likewise, DANKE has two alternatives for defining the user permissions: using the features of the database management system, or using an internal mechanism.

Keywords: access control, keyword search, industrial applications

Published
25/09/2023
MONTEAGUDO GARCIA, Grettel; GUILLOT JIMÉNEZ, Javier; BATISTA NEVES JÚNIOR, Angelo; TORRES IZQUIERDO, Yenier; LEMOS, Melissa; CASANOVA, Marco A.; FERREIRA, Ana Cristina; TEXEIRA DA SILVA, Flavia Pacheco. Database Access Control in a Database Keyword Search Tool. In: SIMPÓSIO BRASILEIRO DE BANCO DE DADOS (SBBD), 38., 2023, Belo Horizonte/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 205-217. ISSN 2763-8979. DOI: https://doi.org/10.5753/sbbd.2023.232053.