WEKO3
アイテム
Application Based Access Control for Remote RDBMS
https://ipsj.ixsq.nii.ac.jp/records/222831
https://ipsj.ixsq.nii.ac.jp/records/222831d554068c-6e37-44eb-98c2-c733cbbf549d
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
IPSJ-JNL6312007.pdf (1.4 MB)
|
Copyright (c) 2022 by the Information Processing Society of Japan
|
|
| オープンアクセス | ||
| Item type | Journal(1) | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2022-12-15 | |||||||||||
| タイトル | ||||||||||||
| タイトル | Application Based Access Control for Remote RDBMS | |||||||||||
| タイトル | ||||||||||||
| 言語 | en | |||||||||||
| タイトル | Application Based Access Control for Remote RDBMS | |||||||||||
| 言語 | ||||||||||||
| 言語 | eng | |||||||||||
| キーワード | ||||||||||||
| 主題Scheme | Other | |||||||||||
| 主題 | [特集:持続可能な社会のIT基盤に向けた情報セキュリティとトラスト] RDBMS, access control, filtering, data distribution | |||||||||||
| 資源タイプ | ||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||
| 資源タイプ | journal article | |||||||||||
| 著者所属 | ||||||||||||
| Fujitsu LTD. | ||||||||||||
| 著者所属 | ||||||||||||
| Fujitsu LTD. | ||||||||||||
| 著者所属 | ||||||||||||
| Fujitsu LTD. | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| Fujitsu LTD. | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| Fujitsu LTD. | ||||||||||||
| 著者所属(英) | ||||||||||||
| en | ||||||||||||
| Fujitsu LTD. | ||||||||||||
| 著者名 |
Chihiro, Kato
× Chihiro, Kato
× Koichi, Onoue
× Yui, Noma
|
|||||||||||
| 著者名(英) |
Chihiro, Kato
× Chihiro, Kato
× Koichi, Onoue
× Yui, Noma
|
|||||||||||
| 論文抄録 | ||||||||||||
| 内容記述タイプ | Other | |||||||||||
| 内容記述 | To accelerate business growth, companies nowadays use not only data collected by themselves but also contracted data provided by other companies. Relational data base management systems (RDBMS) are widely used to control provided data at the provider side. However, there are problems in terms of safety and convenience when a data provider accepts access to relational database data from outside data consumers. From the viewpoint of data providers, RDBMS cannot identify which applications attempt to access whereas can identifying which users and applications with IP addresses attempt to access. In addition, data providers need to apply data filtering at row and/or column level to remove specified data such as personal records and this task is bothersome and error-prone. From the perspective of data consumers, remote access to RDBMS brings about increases in the response latency on the provider side. To solve these problems, we propose a mechanism for relational database access control, which is transparent to RDBMSs and their client applications. According to an access control policy, a filtering program linked with a relational database server removes unnecessary row and/or column elements before transferring them to clients on the provider side. Based on the policy and /proc file system, a proxy program controls access from clients at the granularity of applications on the consumer side. We build the prototype system on a container orchestration tool. The experimental results show that overheads due to our access control mechanism are small enough for practical use and our mechanism is scalable with moderate overhead in comparison with operations on relational databases without it. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.30(2022) (online) DOI http://dx.doi.org/10.2197/ipsjjip.30.822 ------------------------------ |
|||||||||||
| 論文抄録(英) | ||||||||||||
| 内容記述タイプ | Other | |||||||||||
| 内容記述 | To accelerate business growth, companies nowadays use not only data collected by themselves but also contracted data provided by other companies. Relational data base management systems (RDBMS) are widely used to control provided data at the provider side. However, there are problems in terms of safety and convenience when a data provider accepts access to relational database data from outside data consumers. From the viewpoint of data providers, RDBMS cannot identify which applications attempt to access whereas can identifying which users and applications with IP addresses attempt to access. In addition, data providers need to apply data filtering at row and/or column level to remove specified data such as personal records and this task is bothersome and error-prone. From the perspective of data consumers, remote access to RDBMS brings about increases in the response latency on the provider side. To solve these problems, we propose a mechanism for relational database access control, which is transparent to RDBMSs and their client applications. According to an access control policy, a filtering program linked with a relational database server removes unnecessary row and/or column elements before transferring them to clients on the provider side. Based on the policy and /proc file system, a proxy program controls access from clients at the granularity of applications on the consumer side. We build the prototype system on a container orchestration tool. The experimental results show that overheads due to our access control mechanism are small enough for practical use and our mechanism is scalable with moderate overhead in comparison with operations on relational databases without it. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.30(2022) (online) DOI http://dx.doi.org/10.2197/ipsjjip.30.822 ------------------------------ |
|||||||||||
| 書誌レコードID | ||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||
| 収録物識別子 | AN00116647 | |||||||||||
| 書誌情報 |
情報処理学会論文誌 巻 63, 号 12, 発行日 2022-12-15 |
|||||||||||
| ISSN | ||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||
| 収録物識別子 | 1882-7764 | |||||||||||
| 公開者 | ||||||||||||
| 言語 | ja | |||||||||||
| 出版者 | 情報処理学会 | |||||||||||
