Data Security and Privacy

This chapter discusses security technologies and describes the various aspects of data security and privacy. Security policies include mandatory security policies and discretionary security policies. Mandatory security policies are the policies that are "mandatory" in nature and enforced by the systems. The security-related issues might be responsibility of the system security officer, while the data-related issues might be the responsibility of the database administrator. Views as a mechanism for security has been studied a great deal both for discretionary security and mandatory security. Structured Query Language (SQL) has also been extended with more complex constraints such as granting John read access to a tuple in a relation and granting Jane write access to an element in a relation. SQL extensions have also been proposed for role-based access control (RBAC). RBAC has become one of the most popular access control methods. There is also a conference series called Symposium on Access Control Models and Technologies that evolved from RBAC research efforts.