Development of Control and Confidentiality for Database Management Systems

Early research efforts in the area of access control and confidentiality for DBMSs focused on the development of two different classes of models, based on the discretionary access control policy and on the mandatory access control policy. This early research was conducted in the framework of relational database systems. The relational data model, being a declarative and high-level model for specifying the logical structure of data, made possible the development of simple declarative languages for specifying access control policies. These earlier models, and the discretionary models in particular, introduced some important principles that set access control models for database systems apart from access control models adopted by operating systems…
Also, the initial format of the familiar commands for grant and revoke of authorizations that are today part of the SQL standard. Later research proposals have extended this basic model with a variety of features, such as negative authorization, role-based and task-based authorization, temporal authorization, and context-aware authorization. This weakness makes discretionary access controls vulnerable to malicious attacks, such as Trojan horses embedded in application programs. A Trojan horse is a program with an apparently or actually very useful function that contains hidden functions exploiting the legitimate authorizations of the invoking process. Sophisticated Trojan horses may leak information by means of covert channels, enabling unauthorized access to data. A covert channel is a component or feature of the system that is misused to encode or represent information for illegal transmission, without breaching the stated access control policy. A large variety of components or features can be misused to create covert channels, including the system clock, operating system interprocess communication primitives, error messages, the existence of specific file names, the concurrency control mechanism, and so on. The area of mandatory access control and multilevel database systems tried to address such problems through the development of access control models based on information classification, some of which were also incorporated in commercial products. Early mandatory
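The Trojan-horse weakness described above, as an added example that is not part of the original essay: a toy Python model in which a program invoked by `alice` copies data using only owner-granted authorizations, and a classification check then blocks the same flow. The user names, object names, two-level labels and the simplified "no read up, no write down" rule are assumptions made for the illustration.

```python
# Toy model (constructed for illustration): owner-granted authorizations
# versus a classification-based check, applied to the same Trojan-horse flow.
LEVELS = {"public": 0, "secret": 1}      # assumed two-level classification

class Dac:
    """Owner-controlled authorizations, in the spirit of GRANT/REVOKE."""
    def __init__(self):
        self.owner = {}                   # object -> owning user
        self.auth = set()                 # (user, object, privilege) triples

    def create(self, user, obj):
        self.owner[obj] = user
        self.auth |= {(user, obj, "read"), (user, obj, "write")}

    def _require_owner(self, user, obj):
        if self.owner.get(obj) != user:
            raise PermissionError(f"{user} does not own {obj}")

    def grant(self, grantor, grantee, obj, priv):
        self._require_owner(grantor, obj)
        self.auth.add((grantee, obj, priv))

    def revoke(self, grantor, grantee, obj, priv):
        self._require_owner(grantor, obj)
        self.auth.discard((grantee, obj, priv))

    def allows(self, user, obj, priv):
        return (user, obj, priv) in self.auth

class Mac:
    """Label comparison only: no read up, no write down (simplified)."""
    def __init__(self, clearance, label):
        self.clearance, self.label = clearance, label

    def allows(self, user, obj, priv):
        s, o = LEVELS[self.clearance[user]], LEVELS[self.label[obj]]
        return s >= o if priv == "read" else s <= o

def trojan_flow(run_as, policies):
    """Hidden function of a program invoked by `run_as`: read 'salaries',
    write 'scratch'. True if every policy permits every step."""
    steps = [("salaries", "read"), ("scratch", "write")]
    return all(p.allows(run_as, o, priv) for p in policies for o, priv in steps)

def demo():
    dac = Dac()
    dac.create("alice", "salaries")                    # alice's sensitive data
    dac.create("mallory", "scratch")                   # mallory's drop table
    dac.grant("mallory", "alice", "scratch", "write")  # mallory invites writes
    mac = Mac({"alice": "secret", "mallory": "public"},
              {"salaries": "secret", "scratch": "public"})
    return {"mallory_direct_read": dac.allows("mallory", "salaries", "read"),
            "flow_under_dac": trojan_flow("alice", [dac]),
            "flow_under_dac_and_mac": trojan_flow("alice", [dac, mac])}
```

`demo()` shows that `mallory` is never authorized to read `salaries`, yet the flow succeeds under the discretionary check alone because the program runs with `alice`'s authorizations; adding the label check rejects the write to the lower-classified object.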