RBAC+: Protecting Web Databases With Access Control Mechanism
DOI:
https://doi.org/10.24297/ijmit.v2i1.1407Keywords:
Application Profile, Access control, Sub-application sessionAbstract
With the wide adoption of Internet, security of web database is a key issue. In web-based applications, due to the use of n-tier architecture, the database server has no knowledge of the web application user and hence all authorization decisions are based upon execution of specific web application. Application server has full access privileges to delegate to the end user based upon the user requirement. The identity of the end user is hidden , subsequently database server fails to assign proper authorizations to the end user. Hence, current approaches to access control on databases do not fit for web databases because they are mostly based on individual user identities. To fill this security gap, the definition of application aware access control system is needed. In this paper, RBAC+ Model, an extension of NIST RBAC provides a application aware access control system to prevent attacks with the notion of application, application profile and sub-application session.
Downloads
Downloads
Published
How to Cite
Issue
Section
License
All articles published in Journal of Advances in Linguistics are licensed under a Creative Commons Attribution 4.0 International License.