• DocumentCode
    2027641
  • Title

    Tracking end-users in web databases

  • Author

    Rozenberg, Boris ; Gonen, Yaron ; Gudes, Ehud ; Gal-Oz, Nurit ; Shmueli, Erez

  • Author_Institution
    Dept. of Comput. Sci., Ben Gurion Univ., Beer-Sheva, Israel
  • fYear
    2011
  • fDate
    6-8 Sept. 2011
  • Firstpage
    105
  • Lastpage
    112
  • Abstract
    When a database is accessed via a web application, users usually receive a pooled connection to the database. From a database point of view, such a connection is always established by the same user (i.e. the web application) and specific data on the end user is not available. As a consequence, users´ specific transactions cannot be audited and fine-grained access control cannot be enforced at the database level. In this paper we propose a method and a system which provide the ability to track the end users in web databases. The new method can be applied to legacy web applications without requiring any changes in their existing infrastructure. Furthermore, the new users tracking ability provides a basis for native database protection mechanisms, and intrusion detection systems.
  • Keywords
    Internet; authorisation; information services; personal computing; Web databases; database protection mechanism; end user tracking; fine-grained access control; intrusion detection system; legacy Web application; user specific transaction; Access control; Databases; Fingerprint recognition; Training; Web servers; DB users tracking; auditing; web users tracking;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network and System Security (NSS), 2011 5th International Conference on
  • Conference_Location
    Milan
  • Print_ISBN
    978-1-4577-0458-1
  • Type

    conf

  • DOI
    10.1109/ICNSS.2011.6059966
  • Filename
    6059966
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2027641