Speaker: Arnon Sturm, Ben Gurion University

Title: A Methodology for Developing Secure Database Code

Abstract

Security in general and database protection from unauthorized access in particular, are crucial to organizations. Several methods and techniques were devised to address this concern. However, none of these provide a comprehensive solution. In this talk we explore a work done within the context of a research project which aims at developing a methodology for guiding and enforcing developers, in particular database designers, to deal with database security requirements related to authorization in the early stages of development. The proposed methodology enables to define and enforce organizational security policies, and to validate that security requirements defined by the designers of an application are in accord with the organizational security requirements. Moreover, the methodology includes the transformation of the design results into actual implementation, i.e., into the specification of the database code, including the authorization specification. We also present an empirical evaluation of part of the proposed approach.