Database Day

Activity: Participating in or organizing an eventOrganizing a conference, workshop, ...

Description

Security in general and database protection from unauthorized access in particular, are crucial for organizations. Although it has long been accepted that system requirements should be considered from the early stages of the development, non-functional requirements, such as security, tend to be neglected and dealt-with only at the end of the development process. Various methods have been proposed, however, none of them provide a complete framework to guide, enforce and verify the correct implementation of security policies within a system design, and generate source code from it. In this paper we present a novel approach that guides database designers, to design a database schema that complies with the organizational security policies related to access authorization. First, organizational policies are defined in the form of security patterns. Then, during the application development, the patterns guide the implementation of the security requirements and the correct application of the patterns is verified. Finally, the secure database schema is automatically generated. Joint work with Arnon Sturm and Peretz Shoval
Period5 Jun 2011
Event typeSeminar
LocationBeer Sheva, Israel