The Trust Policy File - Applying Dynamic Trust Based Access Control to Improve XML Databases Se

The trust policy file contains all policies that are related to the calculation of the Trust Value. These policies can be classified as the Bad Transaction Factor policy, the Error Factor policy, the weights policy, and the equations policy. The bad transactions policy is used to assign a value for BTF based on the number of errors recorded in the XLog file. The Error Factor (EF) policy aims to find the value for the EF using the number of errors in the XLog file. Both the Bad Transaction Factor policy and Error Factor policy were described in the previous Section (7.6.1). The weights policy stores the percentages of ETVW, BTFW, and EFW. These percentages are defined by the administrator according to the organisation strategies. The

ETV ETVW EF EFW BTF BTFW TV

0.5 85% 0 5% 0 10% 0.575

0.5 85% 0.25 5% 0.25 10% 0.387

0.5 85% 0.5 5% 0.5 10% 0.350

0.5 85% 0.75 5% 0.75 10% 0.312

0.5 85% 1 5% 1 10% 0.275

equations policy contains the equations that are used to calculate the new Trust Value. These equations were also explained earlier in Section 7.6.1.

Like other policy files, the trust policy file is a standard XML file. It starts with the root node <New Trust Value>, which has four children. Each of these sub nodes represents one of the four policies. The Bad Transaction Factor policy is defined by <Bad Transaction Factor>. The Error Factor policy is defined by <Error Factor>. <Weights> is used to represent the weights policy. This node consists of three sub elements: <ETVW>, <BTFW>, and

<EFW>. Each one of these elements contains a percentage for the specific factor. The equations policy is defined by <Equations>. This tag contains the equations syntax to calculate the new Trust Value. The structure of the trust policy file is shown in Figure 7.4.

Figure ‎7.4 The trust policy file

IF BTNUM=0 Then BTF=0, “Negligible”.

IF 0<BTNUM<=5 Then BTF=0.25, “Low”.

IF 5<BTNUM<=10 Then BTF=0.50, “Moderate”.

IF 10<BTNUM<=15 Then BTF=0.75, “High”.

IF 15 <BTNUM Then BTF=1, “Extreme”.

</Bad Transaction Factor >

IF ENUM=0 Then EF=0, “Negligible”.

IF 0<ENUM<=5 Then EF=0.25, “Low”.

IF 5<ENUM<=10 Then EF=0.50, “Moderate”.

IF 10<ENUM<=15 Then EF=0.75, “High”.

IF 15 <ENUM Then EF=1, “Extreme”.

Where EF=0 and BTF=0 Then TV= ETV*ETVW + (1-BTF)*BTFW + (1-EF)*EFW.

Where EF=0 and BTF>0 Then TV= ETV*ETVW - BTF *BTFW.

Where EF>0 and BTF=0 Then TV= ETV*ETVW - EF *EFW.

Where EF>0 and BTF>0 Then TV= ETV*ETVW - EF*EFW - BTF*BTFW.

</Equations>

</New Trust Value>

7.7 Conclusion

The trust module is the first part of the system. It is integrated with the access control module to perform the system’s process. The trust module aims to capture the user behaviour and calculate the Trust Value. It consists of four components and all of them work together. The components’

functions depend on the policy files. Defining specific policies is difficult because the rules will be different from system to system and from one organisation to another. Therefore, policies are defined in general and can be changed or extended according to system and organisation needs. The second part of the system, which is the access control module, is described in the following Chapter.

8 T HE A CCESS C ONTROL M ODULE

8.1 Introduction

The Trust Based Access Control for XML databases consists of two modules: the trust module and the access control module. The trust module was described in detail in the previous Chapter. In this Chapter the access control module is explained. This module consists of two parts: the access manager and the access decision maker. Section 8.2 gives the overall view of the access control module. The access manager is explained and the access permission policies for both users and data are described in Section 8.3. The access decision maker is described in 8.4. The conclusions are summarised in Section 8.5.

8.2 Access Control Module Overall

The access control module is connected to the trust module (see Chapter 6), which is the other important part of the Trust Based Access Control system.

The combination makes the access processes dynamic and responsive to the current evaluation of users’ Trust Values. The access control module:

 Stores the access rules for both users and data in the policy files.

 Checks the queries and makes the decision whether access is to be permitted or denied.

 Searches and retrieves data from the XML database when access is approved.

 Update users’ privileges depending on the Trust Values that are provided by the trust module.

The access process in this module depends on the access manager and the access decision maker. The access manager deals with access policies; the access

decision maker determines, in the light of these policies, whether the access can be permitted or denied. Both the access manager and the access decision maker mechanisms are explained in the following Sections.

In document Applying Dynamic Trust Based Access Control to Improve XML Databases Security (Page 91-95)