- Cyber Security Challenges and Opportunities in the Context of Pakistan - 2015-03-04
- Papers presented in ICOSST held at UET Lahore - 2014-12-18
- A Journal Paper Accepted in The computer Journal, Oxford Journals - 2014-12-08
- SpringerOpen journal Paper published - 2014-11-11
- NUST Intra Research Conference - 2014-11-08
Holistic access control framework for database management systems
Databases are at the core of successful businesses. In today's era of technological advancement, companies need to implement and utilize database systems which should not only be fast, scalable and efficient but also secure from internal and external threats. The pervasive use of computing technology and increased reliance on information system also instigates various security attacks that may affect organization's sensitive data as well as their daily ongoing operations. Also, different types of information have different protection and privacy requirements; therefore, organizations must take a holistic approach to protect and secure their information. Many organizations are now concerned about changing nature, complexity, and larger scale of outside and inside attacks that have far more damaging business impact.
One of the most important and effective means of ensuring data integrity and authorized access is through access control. Access control mechanisms have been around since the commercial deployment of databases. These access control mechanisms are not consistent and do not provide holistic security to database applications in terms of authorization and confidentiality. There is need to provide comprehensive security features in terms of confidentiality and access control to database applications. A holistic strategy is required which can be flexible as new threats arise. Organizations now need security policies and solutions that evolve with new business initiatives such as out-sourcing, virtualization, cloud, mobility, Web 2.0 and social networking. Organizations now need security policies and solutions that evolve with new business initiatives such as out-sourcing, virtualization, cloud, mobility, Web 2.0 and social networking. These policies should be generic and flexible enough to meet changing security requirements of organizations.
Our research and development will aim towards providing a holistic access control framework particularly for three types of database technologies: Relational (RDBMS), Object-Oriented (OODB) and NoSQL databases. Under this project, an extensive research will be carried out accompanied with the development of framework which will help database application to securely perform their operations. Proposed framework will enable row and column level security (fine-grained level) on databases. This framework will provide authorization, authentication and confidentiality features which can be used by any database technology (RDBMS, OODB, NoSQL & Cloud DB) to protect data from disruption and disclosure. The proposed framework will focus on providing a restricted level of authorization for databases using well known security standards.
- Absract (PDF)
- Presentation (PDF)
►"Fine-Grained Access Control in Object-Oriented Databases" (Link)