RBAC+: Protecting Web Databases With Access Control Mechanism

Archna Arudkar, Vimla Jethani
2012 INTERNATIONAL JOURNAL OF MANAGEMENT & INFORMATION TECHNOLOGY  
With the wide adoption of Internet, security of web database is a key issue. In web-based applications, due to the use of n-tier architecture, the database server has no knowledge of the web application user and hence all authorization decisions are based upon execution of specific web application. Application server has full access privileges to delegate to the end user based upon the user requirement. The identity of the end user is hidden , subsequently database server fails to assign proper
more » ... authorizations to the end user. Hence, current approaches to access control on databases do not fit for web databases because they are mostly based on individual user identities. To fill this security gap, the definition of application aware access control system is needed. In this paper, RBAC+ Model, an extension of NIST RBAC provides a application aware access control system to prevent attacks with the notion of application, application profile and sub-application session.
doi:10.24297/ijmit.v2i1.1407 fatcat:asizaxy34jcbjhqlud2fwu2n4e