An active rule based approach to database security in e-commerce systems using temporal constraints

Abstract

In this paper, we present a technique that can efficiently identify anomalous accesses to the database by using an authorization rule system which has been designed for implementing a user dynamic access control system which will secure inter-operation of independently managed database services in an open, distributed environment. Traditional authorization models do not adequately meet access control requirements typical to databases, a separate authorization rule subsystem has been designed which is based on temporal event matching language (TEML). The rule specified in this security system is in event-time-condition-action (ETCA) format. XML is used for defining the authorization rules and the security rules. We could extract XML access control data from several platforms and represent the access control data for the entire enterprise through a common model. Similarly, access control data under an enterprise model can be translated to ones that are native to the platforms.