Abstract
Security in general, and database protection from unauthorized access in particular, are crucial to organizations.
Security and authorization patterns encapsulate accumulated knowledge and best practices in this area. Correct application of security and authorization patterns will ensure effective access
control to the database. For example, the Role-Based Access Control (RBAC) security pattern describes a general solution regarding who is authorized to access specific resources and
which access privileges they have, based on user roles.
Unfortunately, patterns alone do not provide concrete guidance for their application, and thus there is a need for validating their correct usage. We propose a methodical approach for
implementing security patterns for access control in database applications. This approach provides implementation guidelines to the designer of the application model, validation of the correct
usage of the patterns, and automatic generation of secure database schemata.
Original language | English GB |
---|---|
Title of host publication | Proceedings of the Third International Workshop on Software Patterns and Quality (SPAQu’09) |
Editors | Hironori Washizaki, Nobukazu Yoshioka, Eduardo B. Fernandez, Jan Jürjens |
Pages | 40 |
Number of pages | 1 |
State | Published - 2009 |
Publication series
Name | GRACE TECHNICAL REPORTS |
---|---|
ISSN (Electronic) | 1884-0760 |