Authors: Asmawi A., Affendey L. S., Udzir N. I., Mahmod R.

Abstract:

The topic of enhancing security in XML databases is important as it includes protecting sensitive data and providing a secure environment to users. In order to improve security and provide dynamic access control for XML databases, we presented XLog file to calculate user trust values by recording users’ bad transaction, errors and query severities. Severity-aware trust-based access control for XML databases manages the access policy depending on users' trust values and prevents unauthorized processes, malicious transactions and insider threats. Privileges are automatically modified and adjusted over time depending on user behaviour and query severity. Logging in database is an important process and is used for recovery and security purposes. In this paper, the Xlog file is presented as a dynamic and temporary log file for XML databases to enhance the level of security.

Keywords: XML database, trust-based access control, severity-aware, trust values, log file.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1093209

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1809

References:

[1] M. Chagarlamudi, B. Panda and Y. Hu, "Insider Threat in Database Systems: Preventing Malicious Users' Activities in Databases,” in 2009 Sixth International Conference on InformationTechnology: New Generations, ITNG '09, 2009, pp. 1616-1620.
[2] J. S. Park and J. Giordano, "Role-based profile analysis for scalable and accurate insider-anomaly detection,” in 25th IEEE International Performance, Computing, and Communications Conference, IPCCC 2006, 2006, pp. 463-470.
[3] A. Lin, E. Vullings and J. Dalziel, "A Trust-based Access Control Model for Virtual Organizations,” in Fifth International Conference on Grid and Cooperative Computing Workshops, GCCW '06, 2006, pp. 557-564.
[4] F. Almenarez, A. Marin, D. Diaz and J. Sanchez, "Developing a model for trust management in pervasive devices,” in Pervasive Computing and Communications Workshops, 2006. PerCom Workshops 2006. Fourth Annual IEEE International Conference on, 2006, pp. 267-271.
[5] X. Ma, Z. Feng, C. Xu and J. Wang, "A Trust-Based Access Control with Feedback,” in International Symposiums in Information Processing (ISIP), 2008, pp. 510-514.
[6] X. Han-fa, C. Bing-liang and X. Li-lin, "A mixed access control method based on trust and role,” in 2010 Second IITA International Conference on Geoscience and Remote Sensing (IITA-GRS), 2010, pp. 552-555.
[7] S. Singh, "Trust Based Authorization Framework for Grid Services,” Journal of Emerging Trends in Computing and Information Sciences, vol. 2, pp. 136-144, 2011.
[8] H. Molina, J. Ullman and J. Widom, Database Systems The Complete Book, 2nd ed, USA: Pearson International Edition, 2009.
[9] R. Elmasri and S. Navathe, Fundamentals of Database Systems, 5th ed, USA: Pearson International Edition, 2007.
[10] F. Etho, K. Takahashi, Y. Hori and K. Sakurai, "Study of Log File Dispersion Management Method”, 10th IEEE/IPSJ International Symposium on Applications and the Internet (SAINT), IEEE Computer Society, Seoul, Korea,2010. pp. 371-374.
[11] F. Wang, X. Zhou and C. Zaniolo, "Using XML to Build Efficient Transaction-Time Temporal Database Systems onRelational Databases”, The 22nd International Conference on Data Engineering (ICDE), IEEE Computer Society, Atlanta, Georgia, 2006, pp.131-134.