{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T21:39:19Z","timestamp":1725485959684},"publisher-location":"Berlin, Heidelberg","reference-count":42,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540698609"},{"type":"electronic","value":"9783540698616"}],"license":[{"start":{"date-parts":[[2007,1,1]],"date-time":"2007-01-01T00:00:00Z","timestamp":1167609600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007]]},"DOI":"10.1007\/978-3-540-69861-6_7","type":"book-chapter","created":{"date-parts":[[2007,6,11]],"date-time":"2007-06-11T16:17:51Z","timestamp":1181578671000},"page":"87-101","source":"Crossref","is-referenced-by-count":2,"title":["Database Security"],"prefix":"10.1007","author":[{"given":"Elisa","family":"Bertino","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ji-Won","family":"Byun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ashish","family":"Kamra","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"7_CR1","doi-asserted-by":"crossref","unstructured":"B. Iyer, S. Mehrotra, E. Mykletun, G. Tsudik, and Y. Wu. A framework for efficient storage security in rdbms. In Proceedings of 9th International Conference on Extending Database Technology (EDBT), March 2004.","DOI":"10.1007\/978-3-540-24741-8_10"},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"E. Bertino, D. Leggieri, and E. Terzi. Securing dbms: Characterizing and detecting query flood. In Proceedings of 9th Information Security Conference (ISC), September 2004.","DOI":"10.1007\/978-3-540-30144-8_17"},{"key":"7_CR3","unstructured":"National Security Telecommunications and Information Systems Security Committee. The insider threat to U.S. government information systems, July 1999."},{"key":"7_CR4","unstructured":"F. Schneider, editor. Trust in Cyberspace. National Academy Press, 1999."},{"key":"7_CR5","unstructured":"Oracle Corporation. Oracle Database Security Guide 10g Release 2, June 2005. Available at www.oracle.com."},{"key":"7_CR6","unstructured":"C. Kaufman, R. Perlman, and M. Speciner. Network Security: Private Communication in a Public World. Second Edition, Prentice Hall, 2002."},{"key":"7_CR7","unstructured":"E.B. Fernandez, R.C. Summers, and T. Lang. Database Security and Integrity. Addison-Wesley, 1981."},{"issue":"3","key":"7_CR8","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1145\/320473.320482","volume":"1","author":"P.G. Griffiths","year":"1976","unstructured":"P.G. Griffiths and B. Wade. An authorization mechanism for a relational database. ACM Transactions on Database Systems, 1(3):242\u2013255, 1976.","journal-title":"ACM Transactions on Database Systems"},{"issue":"3","key":"7_CR9","doi-asserted-by":"publisher","first-page":"310","DOI":"10.1145\/320263.320288","volume":"3","author":"R. Fagin","year":"1978","unstructured":"R. Fagin. On an authorisation mechanism. ACM Transactions on Database Systems, 3(3):310\u2013319, 1978.","journal-title":"ACM Transactions on Database Systems"},{"issue":"1","key":"7_CR10","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1109\/69.567051","volume":"9","author":"E. Bertino","year":"1997","unstructured":"E. Bertino, S. Jajodia, and P. Samarati. An extended authorization model. IEEE Transactions on Knowledge and Data Engineering, 9(1):85\u2013101, 1997.","journal-title":"IEEE Transactions on Knowledge and Data Engineering"},{"issue":"2","key":"7_CR11","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1109\/2.485845","volume":"29","author":"R. Sandhu","year":"1996","unstructured":"R. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. Role-based access control models. Computer, 29(2):38\u201347, 1996.","journal-title":"Computer"},{"key":"7_CR12","doi-asserted-by":"crossref","unstructured":"R. Thomas and R. Sandhu. Task-based authorization controls (TBAC) models for active and enterprise-oriented authorization management. Database Security XI: Status and Prospects, pages 262\u2013275, 1998.","DOI":"10.1007\/978-0-387-35285-5_10"},{"issue":"3","key":"7_CR13","doi-asserted-by":"publisher","first-page":"224","DOI":"10.1145\/501978.501980","volume":"4","author":"D. Ferraiolo","year":"2001","unstructured":"D. Ferraiolo, R. Sandhu, S. Gavrilaa, R. Kuhn, and R. Chandramouli. Proposed nist standard for role-based access control. ACM Transactions on Information and System Security, 4(3):224\u2013274, 2001.","journal-title":"ACM Transactions on Information and System Security"},{"issue":"3","key":"7_CR14","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1145\/293910.293151","volume":"23","author":"E. Bertino","year":"1998","unstructured":"E. Bertino, C. Bettini, E. Ferrari, and P. Samarati. An access control model supporting periodicity constraints and temporal reasoning. ACM Transactions on Database Systems, 23(3):231\u2013285, 1998.","journal-title":"ACM Transactions on Database Systems"},{"key":"7_CR15","unstructured":"Oracle Corporation. The Virtual Private Database in Oracle9iR2: An Oracle Technical White Paper, January 2002. Available at http:\/\/www.oracle.com."},{"issue":"1","key":"7_CR16","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1145\/290163.290171","volume":"1","author":"R. Sandhu","year":"1998","unstructured":"R. Sandhu and F. Chen. The multilevel relational data model. ACM Transactions on Information and System Security, 1(1):93\u2013132, 1998.","journal-title":"ACM Transactions on Information and System Security"},{"key":"7_CR17","doi-asserted-by":"crossref","unstructured":"S. Jajodia, R. Sandhu, and B. Blaustein. Solutions to the polyinstantiation problem. Information Security: An Integrated Collection of Essays, 1994.","DOI":"10.21236\/ADA279217"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"O. SamySayadjari. Multilevel security: Reprise. IEEE Security and Privacy, 2004.","DOI":"10.1109\/MSP.2004.78"},{"issue":"3","key":"7_CR19","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1109\/4236.935172","volume":"5","author":"E. Bertino","year":"2001","unstructured":"E. Bertino, S. Castano, and E. Ferrari. Securing xml documents with author-x. IEEE Internet Computing, 5(3):21\u201330, 2001.","journal-title":"IEEE Internet Computing"},{"key":"7_CR20","unstructured":"OASIS Consortium. eXtensible Access Control Markup Language (XACML) Committee Specification, Version 1.1, 2000. Available at: http:\/\/www.oasisopen.org\/committees\/xacml\/."},{"key":"7_CR21","doi-asserted-by":"crossref","unstructured":"S. Rizvi, A. Mendelzon, S. Sudarshan, and P. Roy. Extending query rewriting techniques for fine-grained access control. In Proceedings of ACM SIGMOD conference, June 2004.","DOI":"10.1145\/1007568.1007631"},{"issue":"1","key":"7_CR22","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1145\/103140.103144","volume":"16","author":"F. Rabitti","year":"1991","unstructured":"F. Rabitti, E. Bertino, W. Kim, and D. Woelk. A model of authorization for next-generation database systems. ACM Transactions on Database Systems, 16(1):88\u2013131, 1991.","journal-title":"ACM Transactions on Database Systems"},{"key":"7_CR23","doi-asserted-by":"crossref","unstructured":"B. Thuraisingham. Mandatory security in object-oriented database systems. In Proceedings of International Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA), 1989.","DOI":"10.1145\/74877.74899"},{"key":"7_CR24","unstructured":"IBM. DB2 Information Center. Available at http:\/\/publib.boulder.ibm.com\/infocenter\/db2luw\/v8\/\/index.jsp."},{"key":"7_CR25","unstructured":"MySQL. MySQL 5.1 Reference Manual, 2006. Available at http:\/\/dev.mysql.com\/doc\/refman\/5.1\/en."},{"key":"7_CR26","unstructured":"ANSI. American national standard for information technology-role based access control. ANSI INCITS 359-2004, February 2004."},{"key":"7_CR27","doi-asserted-by":"crossref","unstructured":"R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Order-preserving encryption for numeric data. In Proceedings of ACM SIGMOD Conference, 2004.","DOI":"10.1145\/1007568.1007632"},{"key":"7_CR28","unstructured":"S. Axelsson. Intrusion detection systems: A survey and taxonomy. Technical Report 99-15, Chalmers Univ., March 2000."},{"key":"7_CR29","unstructured":"E. Bertino, A. Kamra, and E. Terzi. Intrusion detection in rbac-administered databases. In Proceedings of Annual Computer Security Applications Conference (ACSAC), 2005."},{"key":"7_CR30","unstructured":"R. Sandhu. On five definitions of data integrity. In the IFIP WG11.3 Workshop on Database Security, 1993."},{"key":"7_CR31","doi-asserted-by":"crossref","unstructured":"E. Bertino and R. Sandhu. Database security-concepts, approaches, and challenges. IEEE Transaction on dependable and secure computing, 2005.","DOI":"10.1109\/TDSC.2005.9"},{"key":"7_CR32","unstructured":"R. Sandhu and S. Jajodia. Integrity mechanisms in database management systems. In NIST-NCSC National Computer Security Conference, 1990."},{"key":"7_CR33","doi-asserted-by":"crossref","unstructured":"D.D. Clark and D.R. Wilson. A comparison of commercial and military computer security policies. In IEEE Symposium on Security and Privacy, 1987.","DOI":"10.1109\/SP.1987.10001"},{"key":"7_CR34","unstructured":"M. Bishop. Computer Security: Art and Science. Addison-Wesley, 2003."},{"key":"7_CR35","unstructured":"K.J. Biba. Integrity considerations for secure computer systems. Technical Report TR-3153, Mitre, 1977."},{"key":"7_CR36","unstructured":"R. Ramakrishnan and J. Gehrke. Database Management Systems. McGraw-Hill, 2000."},{"key":"7_CR37","unstructured":"A.A. Alfantookh. An automated universal server level solution for sql injection security flaw. In Proceedings of International Conference on Electrical, Electronic and Computer Engineering (ICEEC), 2004."},{"key":"7_CR38","unstructured":"K.K. Mookhey and N. Burghate. Detection of SQL Injection and Crosssite Scripting Attacks, 2003. Available at http:\/\/www.securityfocus.com\/infocus\/ 1768."},{"key":"7_CR39","unstructured":"Imperva. Sql injection signatures evasion. Technical report, 2004."},{"issue":"3","key":"7_CR40","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1016\/0169-023X(93)90025-K","volume":"11","author":"B.M. Thuraisingham","year":"1993","unstructured":"B.M. Thuraisingham, W. Ford, M. Collins, and J. OKeeffe. Design and implementation of a database inference controller. Data Knowledge Engineering, 11(3):271\u2013285, 1993.","journal-title":"Data Knowledge Engineering"},{"issue":"3","key":"7_CR41","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1145\/320613.320616","volume":"5","author":"D.E. Denning","year":"1980","unstructured":"D.E. Denning. Secure statistical databases with random sample queries. ACM Transactions on Database Systems, 5(3):291\u2013315, 1980.","journal-title":"ACM Transactions on Database Systems"},{"issue":"1","key":"7_CR42","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1145\/320128.320138","volume":"5","author":"D.E. Denning","year":"1980","unstructured":"D.E. Denning and J. Schlorer. A fast procedure for finding a tracker in a statistical database. ACM Transactions on Database Systems, 5(1):88\u2013102, 1980.","journal-title":"ACM Transactions on Database Systems"}],"container-title":["Security, Privacy, and Trust in Modern Data Management"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-69861-6_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,18]],"date-time":"2019-05-18T22:17:46Z","timestamp":1558217866000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-69861-6_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007]]},"ISBN":["9783540698609","9783540698616"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-69861-6_7","relation":{},"subject":[],"published":{"date-parts":[[2007]]}}}