A Model-driven Role-based Access Control for SQL Databases

Raimundas Matulevičius, Henri Lakk


Nowadays, security has become an important aspect of information systems engineering. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. While the benefits of RBAC are widely acknowledged, the implementation and administration of RBAC policies remain a human-intensive activity, typically postponed until the implementation and maintenance phases of system development. This deferred security engineering approach makes it difficult for security requirements to be accurately captured and for the system's implementation to be kept aligned with these requirements as the system evolves. In this paper we propose a model-driven approach to manage SQL database access under the RBAC paradigm. The starting point of the approach is an RBAC model captured in SecureUML. This model is automatically translated to Oracle Database views and instead-of trigger code, which implements the security constraints. The approach has been fully instrumented as a prototype and its effectiveness has been validated by means of a case study.


Keywords: Model-driven security, Role-based Access Control, SecureUML, PL/SQL, updatable view, instead-of trigger.



DOI: 10.7250/csimq.2015-3.03

