Research On Purpose-based Access Control In Relational Database

As the widespread application of information technology, people generate more and more information. As the main storage of data, the databases are storing a massive amount of personal private data. Because of the inherent drawbacks of the traditional access control model, a large number of sensitive information leakages occur. Therefore, the user propose a stricter accessing policy requiring that the data in database is only allowed to be accessed legitimately by means of specifying a purpose which is required by the data owner. The existing access control models cannot satisfy this requirement. Therefore, the research on purpose-based access control in database becomes more and more important.In this paper, we firstly introduce functional requirements, performance requirements and security requirements of purpose-based access control system. We propose a new purpose-based access control model. In this model, we design a method for determining access purposes, which determines the accessing request according to the definition about legitimacy of access. Then we give the definitions and classifications of the multiple privacy policy, which includes self, role and mixed multiple privacy policy. For these three different types of multiple privacy policy, we propose two kinds of merging rules, including interaction and union. Finally, we give the overall architecture of the system.We introduce the key technology of each functional module in purpose-based access control system. We extend the statements about the creation of the purpose, the creation of purpose-based access control policy and policy grant. In the module of purpose-based privacy policy effecting, we give the concrete algorithm of the combination of multiple purpose-based privacy policy, and propose a algorithm about dynamic query modification. In addition, the extensions of update operation, delete operation and insert operation are also given.Finally, the experiments show that the performance of purpose-based access control system is improved compared with the model proposed by Byunn. In comparison with the original DBMS, there exists some performance degradation. However, it is within the acceptable range.