Fine-grained access control to web databases

Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Volumn , Issue , 2007, Pages 31-40

  Roichman, Alex ^a   Gudes, Ehud ^a,b  

^a OPEN UNIVERSITY OF ISRAEL   (Israel)

^b BEN GURION UNIVERSITY OF THE NEGEV   (Israel)

Author keywords

Access control; Database vulnerability; Parameterized view; Rolling key; Session key; Web database security

Indexed keywords

COMPUTER CRIME; DATABASE SYSTEMS; INFORMATION MANAGEMENT; QUERY PROCESSING; WEB SERVICES;

DATABASE VULNERABILITY; PARAMETERIZED VIEW; ROLLING KEY; SESSION KEYS; WEB DATABASE SECURITY;

ACCESS CONTROL;

EID: 34548051377     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1266840.1266846     Document Type: Conference Paper

References (22)

1. Andy Baron, Mary Chipman. Creating and Optimizing Views in SQL Server. Article from: http://www.informit.com /articles/printerfriendly.asp?p= 130855&rl=1 (2000)
2. Elisa Bertino, Pierangela Samarati, Sushil Jajodia. An Extended Authorization Model for Relational Databases, In Proceeding of IEEE Transactions on Knowledge and Data Engineering, Volume 9, Issue 1, Pages: 85-101 (1997)
3. Stephen W. Boyd, Angelos D. Keromytis. SQLrand: Preventing SQL Injection Attacks, In Proceedings of the 2nd Applied Cryptography and Network Security Conf, Pages: 292-302 (2004)
4. Johann Eder. View Definitions with Parameters. Published in: Advances in Databases and Information Systems (ADBIS'95), Pages: 170-184 (1995)
5. Patricia P. Griffiths, Bradford W. Wade. An Authorization Mechanism for a Relational Database System. ACM, Transactions on Database Systems (1976)
6. P. Gulutzan, T. Pelzer. SQL-99 Complete, Really An Example-Based Reference Manual of the New Standard. R&D Books Miller Freeman, Inc. (1999)
7. Michael Howard, David LeBlanc. Writing Secure Code. Microsoft Press, ISBN 0-7356-1722-8 (2002)
8. Yi Hu, Brajendra Panda. A Data Mining Approach for Database Intrusion Detection. In Proceedings of the ACM symposium on Applied computing, Nicosia, Cyprus. Pages: 711-716 (2004)
9. Hasan M. Jamil. GQL: A Reasonable Complex SQL for Genomic Databases. In Proceedings of International Symposium on Bio-Informatics and Biomedical Engineering, IEEE, Pages: 50-59 (2000)
10. Wai Lup Low, Joseph Lee, Peter Teoh. DIDAFIT: Detecting Intrusions in Databases Through Fingerprinting Transactions. In Proceedings of the 4th International Conference on Enterprise Information Systems, Ciudad Real, Spain, Pages: 121-128 (2002)
11. Colin Angus Mackay. SQL Injection Attacks and Some Tips on How to Prevent Them. Article from: http://www.codeproject.com/cs/database / SqlInjectionAttacks.asp (2005)
12. Ofer Maor, Amichai Shulman. SQL Injection Signatures Evasion. Article from: http://imperva.com/application_defense_center/white_papers /sql_injection_signatures_evasion.html (2004)
13. K. K. Mookhey, Nilesh Burghate. Detection of SQL Injection and Cross-site Scripting Attacks, Article from: http://www.securityfocus.com/infocus/1768 (2004)
14. Raghu Ramakrishnan, Johannes Gehrke. Database Management Systems, Chapter 17.1, Introduction to Database security. Second Edition (2001)
15. Abhinav Srivastava, Sai Rahul Reddy. Intertransaction Data Dependency for Intrusion Detection in Database Systems, part of Information and System Security course, School of Information TEchnology, HT Kharagpur (2005)
16. William Stallings. Cryptography and Network Security, Third Edition, Prentice Hall International (2003)
17. Fredrik Valeur, Darren Mutz, Giovanni Vigna. A Learning-based Approach to the Detection of SQL Attacks. DIMVAn Vienna, Austria, Pages: 123-140 (2005)
18. SecuriTeam, SQL Injection Walkthrough, Article from: http://www. securiteam.com/ securityreviews/5DP0N1P76E.html (2002)
19. Advanced Topics on SQL Injection Protection, OWASP. Article from: http://www.owasp.org /images/7/7d/Advanced_Topics_on_SQL_Injection_ Protection.ppt(2006)
20. Information Security News: ISS hatches 'virtual patching' plan. Article from: http://seclists.org/isn/2003/May/0113.html (2003)
21. Controlling Database Access, Oracle9i Database Concepts Release 2 (9.2). Article from: http://download-west.oracle.com/docs/cd/B10501_01/server.920/ a96524/c23acces.htm
22. Online Book-Store application. The open source from the site:http://www.gotocode.com/apps.asp?app_id=3&