Achieving database accountability and traceability using the bitemporal relation
Authors: Huifen Chen, K. Farn, Dwen-Ren Tsai
Published in: IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, 2003. Proceedings.
Publication date: 2003-10-14
DOI: 10.1109/CCST.2003.1297552 (https://doi.org/10.1109/CCST.2003.1297552)
Citation count: 2
Abstract
Database systems have become the most crucial components of the data stores underlying modern application systems. The popular role-based access control model by R.S. Sandhu and E.J. Coyne proposed a way to manage users' access rights. However, employees who play several roles sometimes acquire access rights beyond their duties. Such employees can, for their own benefit, access data illegally, temporarily modify or insert data, illegally output it, and finally change the data back to its original state so that the integrity of the database contents is still satisfied. Databases are usually updated by overwriting or deleting records, which makes it difficult to trace each user transaction. Hence, the owners of these database systems might become victims of temporary data misuse by criminals. Ooi, Goh, and Tan proposed a dimension space transformation concept based on indexing bitemporal databases (1998), which transforms the one-dimensional time domain into two-dimensional x-y coordinates. We first study the state of the art in access control methods, then address role conflicts in access rights, and finally discuss the bitemporal relation with valid-time and process-time attributes. Referring to the work of Ooi, Goh, and Tan, we further propose an approach that records database usage trails, transparently to general users, covering all record queries and changes, including insertion, deletion, modification, and retrieval. Hopefully, this approach might facilitate achieving the forensic objectives of database traceability and accountability.