Access Control for Databases

by Elisa Bertino

Published 1 February 2011

Today's organizations rely on database systems as the key data management technology for a large variety of tasks, ranging from day-to-day operations to critical decision making. Such widespread use of database systems makes them the main target of many security attacks aimed at corrupting data or exfiltrating it outside the organization. On the other hand, data cannot be strictly segregated and need to be readily available for users who have legitimate authorizations to use them.

Access Control for Databases provides a comprehensive survey of the foundational models and recent research trends in access control models and mechanisms for database management systems. In addition to surveying the foundational work in the area, it presents extensive case studies covering advanced features of current database management systems, such as the support for fine-grained and context-based access control, the support for mandatory access control, and approaches for protecting the data from insider threats. It also covers novel approaches, based on cryptographic techniques, to enforce access control and surveys access control models for object databases and XML data.

For the reader not familiar with basic notions concerning access control and cryptography, it includes a tutorial presentation on these notions. The discussion is complemented by an analysis of access control functions provided by selected commercial products. It concludes with a discussion on current challenges for database access control and security, and preliminary approaches addressing some of these challenges.