I Keynote address.- Recent Advances in Access Control Models.- II Role and Constraint-Based Access Control.- Role-based Access Control on the Web Using LDAP.- Constraints-based Access Control.- Secure Role-Based Workflow Models.- III Distributed Systems.- Subject Switching Algorithms for Access Control in Federated Databases.- Efficient Damage Assessment and Repair in Resilient Distributed Database Systems.- Administering Permissions for Distributed Data: Factoring and Automated Inference.- State-Dependent Security Decisions for Distributed Object-Systems.- IV Information Warfare and Intrusion Detection.- Reorganization of Database Log for Information Warfare Data Recovery.- Randomly roving agents for intrusion detection.- Public Telephone Network Vulnerabilities.- V Relational Databases.- Flexible Security Policies in SQL.- The Inference Problem and Updates in Relational Databases.- Managing Classified Documents in a Relational Database.- VI Implementation Issues.- A Comparison Between ConSA and Current Linux Security Implementations.- A Novel Approach to Certificate Revocation Management.- ODAR: An On-the-fly Damage Assessment and Repair System for Commercial Database Applications.- VII Multilevel Systems.- An Extended Transaction Model Approach for Multilevel Secure Transaction Processing.- Maintaining the Confidentiality of Interoperable Databases with a Multilevel Federated Security System.- VIII New Application Areas.- Security Procedures for Classification Mining Algorithms.- Regulating Access to XML documents.- IX Panel and discussion.- Panel on XML and Security.- Selected Summary of Discussions.
Database and Application Security XV provides a forum for original research results, practical experiences, and innovative ideas in database and application security. With the rapid growth of large databases and the application systems that manage them, security issues have become a primary concern in business, industry, government and society. These concerns are compounded by the expanding use of the Internet and wireless communication technologies.
This volume covers a wide variety of topics related to security and privacy of information in systems and applications, including:
- Access control models;
- Role and constraint-based access control;
- Distributed systems;
- Information warfare and intrusion detection;
- Relational databases;
- Implementation issues;
- Multilevel systems;
- New application areas including XML.
Database and Application Security XV contains papers, keynote addresses, and panel discussions from the Fifteenth Annual Working Conference on Database and Application Security, organized by the International Federation for Information Processing (IFIP) Working Group 11.3 and held July 15-18, 2001 in Niagara on the Lake, Ontario, Canada.
