RBAC+: Protecting Web Databases With Access Control Mechanism

Authors

  • Archna Arudkar
  • Vimla Jethani

DOI:

https://doi.org/10.24297/ijmit.v2i1.1407

Keywords:

Application Profile, Access control, Sub-application session

Abstract

With the wide adoption of the Internet, the security of web databases is a key issue. In web-based applications, due to the use of n-tier architecture, the database server has no knowledge of the web application user, and hence all authorization decisions are based upon the execution of a specific web application. The application server has full access privileges, which it delegates to the end user based upon the user's requirements. The identity of the end user is hidden, so the database server fails to assign proper authorizations to the end user. Hence, current approaches to access control on databases do not fit web databases, because they are mostly based on individual user identities. To fill this security gap, the definition of an application-aware access control system is needed. In this paper, the RBAC+ model, an extension of NIST RBAC, provides an application-aware access control system to prevent attacks, using the notions of application, application profile and sub-application session.

Published

2012-11-27

How to Cite

Arudkar, A., & Jethani, V. (2012). RBAC+: Protecting Web Databases With Access Control Mechanism. INTERNATIONAL JOURNAL OF MANAGEMENT & INFORMATION TECHNOLOGY, 2(1), 24–30. https://doi.org/10.24297/ijmit.v2i1.1407

Section

Articles