Designing secure databases

Fernández‐Medina, Eduardo; Piattini, Mario

doi:10.1016/j.infsof.2004.09.013

Cited by 41 publications

(25 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fernández-Medina and Piattini [13] proposed a methodology to design multilevel databases based on MAC policies. The methodology enables creating conceptual and logical models of multilevel databases, and implementing the models using Oracle Label Security [8].…”

Section: Review and Evaluation Of Secure Software Development Methodsmentioning

confidence: 99%

“…Various efforts to deal with the security aspect at the early stages of the software development life cycle have been made. These include various extensions to UML that enable modeling of security features such as UMLsec [16], threat and attack modeling techniques such as misuse cases [31], methods for requirements engineering such as Secure Tropos [27], and methodologies for developing secure applications and databases such as [12,13]. Nevertheless, such methods primarily provide guidelines of how to deal with security within a certain stage of the software development process, or address only specific security-related aspects or mechanisms in the development process.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment

Abramov

Sturm

Shoval

2012

Information and Software Technology

View full text Add to dashboard Cite

Section: Review and Evaluation Of Secure Software Development Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment

Abramov

Sturm

Shoval

2012

Information and Software Technology

View full text Add to dashboard Cite

“…Modern businesses are forced to manage their information in order to survive in the digital era [8]. Organisations without a proper database system are rare.…”

Section: Introductionmentioning

confidence: 99%

Database Application Schema Forensics

Beyers¹,

Olivier²,

Hancke³

2014

SACJ

View full text Add to dashboard Cite

The application schema layer of a Database Management System (DBMS) can be modified to deliver results that may warrant a forensic investigation. Table structures can be corrupted by changing the metadata of a database or operators of the database can be altered to deliver incorrect results when used in queries. This paper will discuss categories of possibilities that exist to alter the application schema with some practical examples. Two forensic environments are introduced where a forensic investigation can take place in. Arguments are provided why these environments are important. Methods are presented how these environments can be achieved for the application schema layer of a DBMS. A process is proposed on how forensic evidence should be extracted from the application schema layer of a DBMS. The application schema forensic evidence identification process can be applied to a wide range of forensic settings.

show abstract

“…Recently, we have proposed a methodology for relational DB which integrates security aspects at all stages of the development process [7]. However, to the best of our knowledge, there are no works that deal with security when developing an XML DB.…”

Section: Introductionmentioning

confidence: 99%

Model driven development of secure XML databases

et al. 2006

Self Cite

View full text Add to dashboard Cite

In this paper, we propose a methodological approach for the model driven development of secure XML databases (DB). This proposal is within the framework of MIDAS, a model driven methodology for the development of Web Information Systems based on the Model Driven Architecture (MDA) proposed by the Object Management Group (OMG) [20]. The XML DB development process in MIDAS proposes using the data conceptual model as a Platform Independent Model (PIM) and the XML Schema model as a Platform Specific Model (PSM), with both of these represented in UML. In this work, such models will be modified, so as to be able to add security aspects if the stored information is considered as critical. On the one hand, the use of a UML extension to incorporate security aspects at the conceptual level of secure DB development (PIM) is proposed; on the other, the previously-defined XML schema profile will be modified, the purpose being to incorporate security aspects at the logical level of the secure XML DB development (PSM). In addition to all this, the semi-automatic mappings from PIM to PSM for secure XML DB will be defined.

show abstract

Designing secure databases

Cited by 41 publications

References 15 publications

Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment

Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment

Database Application Schema Forensics

Model driven development of secure XML databases

Contact Info

Product

Resources

About