• International Journal of Computer Science & Network Security
• /
• v.22 no.12
• /
• pp.107-115
• /
• 2022

Recently, big data applications need another database different from the Relation database. NoSQL databases are used to save and handle massive amounts of data. NoSQL databases have many advantages over traditional databases like flexibility, efficiently processing data, scalability, and dynamic schemas. Most of the current applications are based on the web, and the size of data is in increasing. NoSQL databases are expected to be used on a more and large scale in the future. However, NoSQL suffers from many security issues, and one of them is access control. Many recent applications need Fine-Grained Access control (FGAC). The integration of the NoSQL databases with FGAC will increase their usability in various fields. It will offer customized data protection levels and enhance security in NoSQL databases. There are different NoSQL database models, and a document-based database is one type of them. In this research, we choose the CouchDB NoSQL document database and develop an access control mechanism that works at a fain-grained level. The proposed mechanism uses role-based access control of CouchDB and restricts read access to work at the document level. The experiment shows that our mechanism effectively works at the document level in CouchDB with good execution time.

• IE interfaces
• /
• v.17 no.2
• /
• pp.226-232
• /
• 2004

In shipbuilding area, data sharing is one of the crucial issues. Recently, for collaborative design, ship structural CAD systems adopt the database as its primary storage. Database is useful to deal with the large amount of design information among the heterogeneous design department and design stage. To make the database-based CAD system object-oriented database(OODB) and object-relational database(ORDB) can be used. It is important to select proper database because the CAD system performance mainly depends on access performance of database. In this research, using prototype CAD system from other research, access performance of OODB and ORDB form CAD system was evaluated. STEP application protocol was used as the database schema and experiment was made in query by property and query by region. The results give some idea of how to choose the database for CAD systems.

• Journal of KIISE:Databases
• /
• v.36 no.5
• /
• pp.352-365
• /
• 2009

Recently, data access control policies have not been applied for authorized or unauthorized persons properly and information leakage incidents have occurred due to database security vulnerabilities. In the traditional database access control methods, administrators grant permissions for accessing database objects to users. However, these methods couldn't be applied for diverse access control policies to the database. In addition, another database security method which uses data encryption is difficult to utilize data indexing. Thus, this paper proposes an enhanced database access control system via a packet analysis method between client and database server in network to apply diverse security policies. The proposed security system can be applied the applications with access control policies related to specific factors such as date, time, SQL string, the number of result data and etc. And it also assures integrity via a public key certificate and MAC (Message Authentication Code) to prevent modification of user information and query sentences.

• Journal of KIISE:Databases
• /
• v.31 no.6
• /
• pp.684-698
• /
• 2004

The Hippocratic database model recently proposed by Agrawal et al. incorporates privacy protection capabilities into relational databases. Since the Hippocratic database is based on the relational database, it needs extensions to be adapted for XML databases. In this paper, we propose the Hippocratic XML database model, an extension of the Hippocratic database model for XML databases and present an efficient access control mechanism under this model. In contrast to relational data, XML data have tree-like hierarchies. Thus, in order to manage these hierarchies of XML data, we extend and formally define such concepts presented in the Hippocratic database model as privacy preferences, privacy policies, privacy authorizations, and usage purposes of data records. Next, we present a new mechanism, which we call the authorization index, that is used in the access control mechanism. This authorization index, which is Implemented using a multi-dimensional index, allows us to efficiently search authorizations implied by the authorization granted on the nearest ancestor using the nearest neighbor search technique. Using synthetic and real data, we have performed extensive experiments comparing query processing time with those of existing access control mechanisms. The results show that the proposed access control mechanism improves the wall clock time by up to 13.6 times over the top-down access control strategy and by up to 20.3 times over the bottom-up access control strategy The major contributions of our paper are 1) extending the Hippocratic database model into the Hippocratic XML database model and 2) proposing an efficient across control mechanism that uses the authorization index and nearest neighbor search technique under this model.

• Journal of information and communication convergence engineering
• /
• v.17 no.2
• /
• pp.149-160
• /
• 2019

Web applications typically interact with databases. Therefore, it is very crucial to understand which web components access which database resources when maintaining web apps. Existing research identifies interactions between Java web components, such as JavaServer Pages and servlets but does not extract dependencies between the web components and database resources, such as tables and attributes. This paper proposes a dynamic analysis of Java web apps, which extracts such dependencies from a Java web app and represents them as a graph. The key responsibility of our analysis method is to identify when web components access database resources. To fulfill this responsibility, our method dynamically observes the database-related objects provided in the Java standard library using the proxy pattern, which can be applied to control access to a desired object. This study also experiments with open source web apps to verify the feasibility of the proposed method.

• ETRI Journal
• /
• v.34 no.1
• /
• pp.66-75
• /
• 2012

This paper proposes a privacy-preserving database encryption scheme that provides access pattern hiding against a service provider. The proposed scheme uses a session key to permute indices of database records each time they are accessed. The proposed scheme can achieve access pattern hiding in situations in which an adversary cannot access the inside of the database directly, by separating the entity with an index table and data table and permuting both the index and position where the data are stored. Moreover, it is very efficient since only O(1) server computation and communication cost are required in terms of the number of the data stored. It can be applied to cloud computing, where the intermediate entities such as cloud computing service provider can violate the privacy of users or patients.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.3
• /
• pp.101-109
• /
• 2019

In addition to enabling access, database accounts play a protective role by defending the database from external attacks. However, because only a single account is used in the database, the account becomes the subject of vulnerability attacks. This common practice is due to the lack of database support, large numbers of users, and row-based database permissions. Therefore if the logic of the application is wrong or vulnerable, there is a risk of exposing the entire database. In this paper, we propose a Least-Privilege Account Separation Model (LPASM) that serves as an information guardian to protect the database from attacks. We separate database accounts depending on the role of application services. This model can protect the database from malicious attacks and prevent damage caused by privilege escalation by an attacker. We classify the account control policies into four categories and propose detailed roles and operating plans for each account.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.6 no.3
• /
• pp.41-56
• /
• 1996

Database servers that are used to provide multimedia information services in World Wide Web(WWW) environment have to support the access control mechanism that allows authorized users to access the constructed databases. In this paper, we define an authorization model as well as authorization policies to enforce the proper access control on databases in the BADA-III object-oriented database server and propose an access evaluation algorithm. Also we implement this model and the algorithm in the BADA-III database server. Considering the service environment of the WWW, we expect that database service providers can simply and effectively protect their data using the proposed model.

• Journal of Korean Academy of Nursing Administration
• /
• v.7 no.3
• /
• pp.425-437
• /
• 2001

This reserch was to develop database software in order to handle a lot of clinical nursing data with nursing diagnoses, related factors, defining characteristics, nursing interventions, nursing activities and nursing outcomes. MS Access2000 and SQL was selected to use a general purpose database logic with an efficiency. MS Visual Basic 6.0 was used to construct the circumstance of Graphic User Interface. The Linkage Database of abdominal surgery patients was constructed from the clinical data and questionnaire. This database system could add related factors, defining characteristics, nursing activities in the database and analyze the statistical results through Access query. In the final stage, end-users satisfaction analysis using 5 points Likert scale was dong with the response of using the database system. The accuracy/trustworthiness of the database system was verified with the highest average scores as 4.42 and also, the efficiency as 4.21, user friendly function as 4.1.

• International journal of advanced smart convergence
• /
• v.7 no.4
• /
• pp.66-74
• /
• 2018

While new information technology advances have made information access and acquisition methods much more diverse and easier, there are side effects that allow illegal access using diverse and high-performance tools. In order to cope with such threats, there are access control methods in database technology, and various studies are being conducted to extend traditional access control to cope with new computing environments. In this paper, we propose an extended access control with uncertain context-awareness. It enables appropriate security policy enforcement even if the contextual constraints specified by the security policy does not match those accompanied by access request query. We extract semantic implications from context tree, and define the argument that can quantitatively measure the semantic difference between two nodes in the context tree. It is used to semantically enforce the security policy, and to prevent the excessive authorization caused by the implication.