Advantages of RBAC Over Other Existing Security Models
Core RBAC Features
RBAC Critique
Designing Database Security Model
Roles and Groups
Level Based
User Based
Group Based
Responsibility based
Network object
Permission
Role Hierarchy
Inheritance
Private roles
Private-Role Hierarchy
Global-role Hierarchy
The Model
Coordination Agents
CHAPTER 3: METHODOLOGY
Research Design
MySQL
Security in MySQL
REFERENCES
RESEARCH PROPOSAL
CHAPTER 1: INTRODUCTION
Through its open standards, the Internet set the foundation for the global community and access to resources that millions of computer users enjoy today. The benefits that accrue to the global community from this approach are also available to corporate enterprises through intranets, private information networks that use Internet software and standards but are not accessible from the Internet-at-large by the general public. An intranet uses the TCP/IP protocol for both wide-area and local-area information transport, as well as HTTP, SMTP, and other open Internet-based standards to move information from clients to servers [1]. An intranet architecture for a corporate enterprise typically involves a set of servers (such as an SQL server, Web server, and database server) interconnected within a local area network.
In the global community, unresolved issues of Internet security inhibit people from, for example, entering their credit card numbers to purchase goods and services. Within corporate enterprises using intranets, security is usually the number one concern. There are three basic threat areas: storage, access, and transfer. Storage security refers to the protection of physical resources, which can be located in one or more servers. Access security concerns authentication and access to the (logical) resources available in the intranet. Transfer security relates to the protection of information in transit. It involves various encryption techniques such as symmetric and asymmetric keys, encrypted and decrypted messages, and digital signatures and certificates.
Background of the research
This study's approach to the problem of granting user permissions assigns roles that determine the scope of access that network objects have to the intranet's resources and privileges. Intranet administrators can create roles according to the job functions performed in the organization. They can then grant permissions (essentially, access authorizations) to these roles, and assign network objects to the roles on the basis of the network objects' responsibilities. A network object refers to an entity of an intranet that either uses, consumes, or provides a service.
Problem Statement
The Role Based Database Security (RBDS) design is based on the concept of RBAC, since it uses users, roles, permissions and objects, but in this case the objects are database objects (unlike RBAC, where an object can be any resource, for example a web page). Database objects such as tables, views, packages and even schemas have a limited number of actions that can be used on them, and these actions are called privileges.
MySQL has a user-level access control security mechanism, but it is not entirely based on RBAC since users are granted privileges directly. Microsoft Office Access 2007 does not support user-level access security. Both databases can benefit from the RBDS design if it is implemented.
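The following sketch is an added example, not part of the proposal's own design: it models the RBDS idea described above using Python's built-in sqlite3 module, with privileges attached only to roles and an access check that denies by default. All table, column, user, role and object names are assumptions chosen for illustration, and the privilege set is a constructed sample.

```python
import sqlite3

# Constructed schema: all table, column, user and role names are illustrative assumptions.
SCHEMA = """
CREATE TABLE users(name TEXT PRIMARY KEY);
CREATE TABLE roles(name TEXT PRIMARY KEY);
CREATE TABLE user_roles(
    user_name TEXT REFERENCES users(name),
    role_name TEXT REFERENCES roles(name),
    PRIMARY KEY(user_name, role_name));
-- A permission is a privilege on a database object; it is held by a role, never a user.
CREATE TABLE role_permissions(
    role_name TEXT REFERENCES roles(name),
    object_name TEXT,
    privilege TEXT CHECK(privilege IN ('SELECT','INSERT','UPDATE','DELETE')),
    PRIMARY KEY(role_name, object_name, privilege));
"""

def grant(db, role, obj, privilege):
    """Grant a privilege on an object to a role; False if role or privilege is invalid."""
    try:
        db.execute("INSERT INTO role_permissions VALUES (?, ?, ?)", (role, obj, privilege))
        return True
    except sqlite3.IntegrityError:
        return False

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces REFERENCES only when enabled
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",), ("carol",)])
    db.executemany("INSERT INTO roles VALUES (?)", [("clerk",), ("auditor",)])
    db.executemany("INSERT INTO user_roles VALUES (?, ?)",
                   [("alice", "clerk"), ("bob", "auditor")])  # carol holds no role
    for role, obj, priv in [("clerk", "orders", "SELECT"), ("clerk", "orders", "INSERT"),
                            ("auditor", "orders", "SELECT")]:
        grant(db, role, obj, priv)
    return db

def is_allowed(db, user, obj, privilege):
    """Default deny: allowed only if some role held by the user carries the privilege."""
    row = db.execute(
        "SELECT 1 FROM user_roles ur JOIN role_permissions rp ON rp.role_name = ur.role_name "
        "WHERE ur.user_name = ? AND rp.object_name = ? AND rp.privilege = ? LIMIT 1",
        (user, obj, privilege)).fetchone()
    return row is not None

def revoke_role(db, user, role):
    """Removing one role assignment withdraws every privilege the role carried."""
    db.execute("DELETE FROM user_roles WHERE user_name = ? AND role_name = ?", (user, role))
```

Because no table links a user directly to a privilege, auditing who can act on an object reduces to reading the two role tables, and a job change is a single role reassignment.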
Rationale
Three main reasons justify a role-based approach to enforce local and global security policies ...