{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T23:46:29Z","timestamp":1740181589806,"version":"3.37.3"},"reference-count":15,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2021,7,7]],"date-time":"2021-07-07T00:00:00Z","timestamp":1625616000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,7,7]],"date-time":"2021-07-07T00:00:00Z","timestamp":1625616000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"published-print":{"date-parts":[[2021,9]]},"DOI":"10.1007\/s42979-021-00712-7","type":"journal-article","created":{"date-parts":[[2021,7,7]],"date-time":"2021-07-07T17:36:43Z","timestamp":1625679403000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["A Model-Driven Approach for Enforcing Fine-Grained Access Control for SQL Queries"],"prefix":"10.1007","volume":"2","author":[{"given":"Hoang Nguyen Phuoc","family":"Bao","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4966-855X","authenticated-orcid":false,"given":"Manuel","family":"Clavel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,7,7]]},"reference":[{"doi-asserted-by":"publisher","unstructured":"Basin DA, Clavel M, Egea M. A decade of model-driven security. In: Breu R, Crampton J, Lobo J, editors. 16th ACM symposium on access control models and technologies, SACMAT 2011, Innsbruck, Austria, June 15\u201317, 2011, Proceedings. ACM; 2011. p. 1\u201310. https:\/\/doi.org\/10.1145\/1998441.1998443.","key":"712_CR1","DOI":"10.1145\/1998441.1998443"},{"issue":"1","key":"712_CR2","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1145\/1125808.1125810","volume":"15","author":"DA Basin","year":"2006","unstructured":"Basin DA, Doser J, Lodderstedt T. Model driven security: from UML models to access control infrastructures. ACM Trans Softw Eng Methodol. 2006;15(1):39\u201391. https:\/\/doi.org\/10.1145\/1125808.1125810.","journal-title":"ACM Trans Softw Eng Methodol"},{"unstructured":"Browder K, Davidson MA. The virtual private database in Oracle9iR2. Tech. rep., Oracle Corporation; 2002. https:\/\/www.cgisecurity.com\/-database\/oracle\/pdf\/VPD9ir2twp.pdf.","key":"712_CR3"},{"unstructured":"Row and column access control support in IBM DB2 for i. Tech. rep. International Business Machines Corporation; 2014. https:\/\/www.redbooks.ibm.com\/redpapers\/pdfs\/redp5110.pdf\/.","key":"712_CR4"},{"doi-asserted-by":"crossref","unstructured":"Demuth B, Hu\u00dfmann H, Loecher S. OCL as a specification language for business rules in database applications. In: Gogolla M, Kobryn C, editors. UML, LNCS, vol 2185. Springer; 2001. p. 104\u201317.","key":"712_CR5","DOI":"10.1007\/3-540-45441-1_9"},{"issue":"3","key":"712_CR6","doi-asserted-by":"publisher","first-page":"224","DOI":"10.1145\/501978.501980","volume":"4","author":"DF Ferraiolo","year":"2001","unstructured":"Ferraiolo DF, Sandhu R, Gavrila S, Kuhn DR, Chandramouli R. Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur. 2001;4(3):224\u201374. https:\/\/doi.org\/10.1145\/501978.501980.","journal-title":"ACM Trans Inf Syst Secur"},{"doi-asserted-by":"crossref","unstructured":"LeFevre K, Agrawal R, Ercegovac V, Ramakrishnan R, Xu Y, DeWitt D. Limiting disclosure in Hippocratic databases. In: Proceedings of the thirtieth international conference on very large data bases, VLDB \u201904, vol 30. VLDB Endowment; 2004. p. 108\u201319.","key":"712_CR7","DOI":"10.1016\/B978-012088469-8.50013-9"},{"doi-asserted-by":"publisher","unstructured":"Lodderstedt T, Basin DA, Doser J. SecureUML: a UML-based modeling language for model-driven security. In: J\u00e9z\u00e9quel J, Hu\u00dfmann H, Cook S, editors. UML 2002\u2014the unified modeling language, 5th international conference, Dresden, Germany, September 30\u2013October 4, 2002, Proceedings, Lecture Notes in Computer Science, vol 2460. Springer; 2002. p. 426\u201341. https:\/\/doi.org\/10.1007\/3-540-45800-X_33.","key":"712_CR8","DOI":"10.1007\/3-540-45800-X_33"},{"unstructured":"Mehta A, Elnikety E, Harvey K, Garg D, Druschel P. Qapla: policy compliance for database-backed systems. In: Proceedings of the 26th USENIX conference on security symposium, SEC \u201917. USENIX Association; 2017. p. 1463\u201379.","key":"712_CR9"},{"unstructured":"Montee G. Row-level security in MariaDB 10: protect your data. 2015. https:\/\/mariadb.com\/resources\/blog\/.","key":"712_CR10"},{"doi-asserted-by":"crossref","unstructured":"Nguyen HPB, Clavel M. OCL2PSQL: an OCL-to-SQL code-generator for model-driven engineering. In: Dang TK, K\u00fcng J, Takizawa M, Bui SH, editors. Future data and security engineering\u20146th international conference, FDSE 2019, proceedings, lecture notes in computer science, vol 11814. Springer; 2019. p. 185\u2013203.","key":"712_CR11","DOI":"10.1007\/978-3-030-35653-8_13"},{"doi-asserted-by":"crossref","unstructured":"Nguyen HPB, Clavel M. Model-based characterization of fine-grained access control authorization for SQL queries. J Object Technol. 2020;19(3).","key":"712_CR12","DOI":"10.5381\/jot.2020.19.3.a15"},{"unstructured":"Object Constraint Language specification version 2.4. Tech. rep. Object Management Group; 2014. https:\/\/www.omg.org\/spec\/OCL\/.","key":"712_CR13"},{"unstructured":"PostgreSQL 12.2. Part II. SQL The Language. Chapter 5. Data Definition. 5.8. Row Security Policies. 2017. https:\/\/www.postgresql.org\/docs\/10\/ddl.html.","key":"712_CR14"},{"unstructured":"ISO\/IEC 9075-(1\u201310) Information technology\u2014database languages\u2014SQL. Tech. rep. International Organization for Standardization; 2011. http:\/\/www.iso.org\/iso\/.","key":"712_CR15"}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-021-00712-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-021-00712-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-021-00712-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,8,30]],"date-time":"2021-08-30T18:00:11Z","timestamp":1630346411000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-021-00712-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,7]]},"references-count":15,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2021,9]]}},"alternative-id":["712"],"URL":"https:\/\/doi.org\/10.1007\/s42979-021-00712-7","relation":{},"ISSN":["2662-995X","2661-8907"],"issn-type":[{"type":"print","value":"2662-995X"},{"type":"electronic","value":"2661-8907"}],"subject":[],"published":{"date-parts":[[2021,7,7]]},"assertion":[{"value":"24 March 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 May 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 July 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"370"}}