Communications Infrastructure. Systems and Applications in Europe. First International ICST Conference, EuropeComm 2009, London, UK, August 11-13, 2009, Revised Selected Papers

Research Article

Mandatory and Location-Aware Access Control for Relational Databases

  • @INPROCEEDINGS{10.1007/978-3-642-11284-3_23,
        author={Michael Decker},
        title={Mandatory and Location-Aware Access Control for Relational Databases},
        proceedings={Communications Infrastructure. Systems and Applications in Europe. First International ICST Conference, EuropeComm 2009, London, UK, August 11-13, 2009, Revised Selected Papers},
        proceedings_a={EUROPECOMM},
        year={2012},
        month={5},
        keywords={Location-based Services, Database Management Systems (DBMS), Mandatory Access Control (MAC), Mobile Computing, Security Models},
        doi={10.1007/978-3-642-11284-3_23}
    }
    
  • Michael Decker
    Year: 2012
    Mandatory and Location-Aware Access Control for Relational Databases
    EUROPECOMM
    Springer
    DOI: 10.1007/978-3-642-11284-3_23
Michael Decker1,*
  • 1: University of Karlsruhe (TH)
*Contact email: decker@aifb.uni-karlsruhe.de

Abstract

Access control is concerned with determining which operations a particular user is allowed to perform on a particular electronic resource. For example, an access control decision could say that user is allowed to perform the operation (but not ) on the resource . With conventional access control this decision is based on the user’s identity, whereas the basic idea of Location-Aware Access Control (LAAC) is to also evaluate a user’s current location when deciding whether a particular request should be granted or denied. LAAC is an interesting approach for mobile information systems because these systems are exposed to specific security threats like the loss of a device. Some data models for LAAC can be found in the literature, but almost all of them are based on RBAC and none of them is designed especially for Database Management Systems (DBMS). In this paper we therefore propose a LAAC approach for DBMS and describe a prototypical implementation of that approach that is based on database triggers.