Accesibilidad y canales de atención a la ciudadanía

5 THE RESEARCH HYPOTHESIS

5.1 Introduction

This Chapter presents the motivation for this research in Section 5.2 and the research hypothesis in Section 5.3. In Section 5.4, the main objective, which is to develop a dynamic access model that is responsive to an evaluation of users’ history, is explained. The model tracks users’ errors and bad transactions over time and updates their privileges dynamically. The system prevents outsiders’ attacks as well as insiders’ malicious processes, effectively preventing users from taking advantage of their role.

5.2 Research Motivation

In this Section, the various motivations behind this research are highlighted. The discussion starts by explaining in Section 5.2.1 the importance of using XML databases as opposed to traditional databases. Section 5.2.2 then explains why the research scope is concerned with the security issues in XML databases. Section 5.2.3 motivates the real need to improve access control for both outsiders and insiders. Overall, the motivation for this research is to develop and improve security in XML databases.

5.2.1 The Importance of XML Databases

In the last decade XML has become well established and used in a wide range of areas and applications such as the web, businesses, information systems, and databases (Abiteboul et al., 2000; Champion, 2001; Tidwell, 2002;

Oqbuji, 2004b; Vakali et al., 2005; Anderson, 2008; Jonge, 2008; Whatley, 2009; W3C, 2010; Palani, 2011; Sun and Wang, 2011; Abd El-Aziz and Kannan,

53

2012b; Abd El-Aziz and Kannan, 2012c; Noaman and Almansour, 2012; Verma et al., 2012; Desai, 2013; Vela et al., 2013; W3Schools, 2013a). Due to the recent increase in their usage, much research has been undertaken to improve their efficiency. XML is used to store, transfer, and manipulate data. It has many advantages; it is readable for both humans and machines. It is flexible, simple, and self-descriptive (Abiteboul et al., 2000; Champion, 2001; Tidwell, 2002;

Vakali et al., 2005; Jonge, 2008; Whatley, 2009; W3C, 2010; Palani, 2011;

W3Schools, 2013a). This was discussed further in Chapter 2. As a result of this flexibility, the use of XML databases can be expected to improve and develop.

5.2.2 Security in XML Databases

Having data is a power but it must be dealt with in an appropriate and accurate manner (Griffin et al., 2012). Much of the research on XML focuses on storage strategies and query performance. Although data storage and retrieval techniques are important, so is security and, in comparison, this seems to be a neglected research area. XML databases are multi-user systems, meaning they can be accessed by millions of users, and they can provide a huge amount of data. In all applications and especially in platforms such as business and medical applications, XML databases can contain sensitive, personal, and important data.

Confidential data needs to be protected and saved in a secure environment for legal reasons and in order to prevent loss or misuse. Security for XML databases is therefore crucial in protecting data from unauthorised processes and misuse (Sun and Wang, 2011; Griffin et al., 2012; Noaman and Almansour, 2012;

Verma et al., 2012; Desai, 2013).

One of the main approaches to guarantee security in any system, not just XML databases, is to apply access control. The access control model manages access to data and prevents unauthorised processes (Murata et al., 2006; Sun and Wang, 2011; Verma et al., 2012; Desai, 2013). There has been extensive research in this area but still there are many points that need to be investigated.

54 5.2.3 Trust Based Access Control (TBAC)

Many different models for XML database access control have been proposed and developed (see Chapter 3). They can be categorised into three core categories: Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC) (Sandhu et al., 1996; Hitchens and Varadharajan, 2001; Wang and Osborn, 2004; Zhu et al., 2007; Zhu et al., 2009; Xing et al., 2010). There are many other types that are non-traditional, such as function based access control and purpose based access control (Qi et al., 2005; Sun et al., 2010; Sun and Wang, 2011; Fiebig et al., 2012). Some of these models have been applied to provide a secure environment for XML databases.

Most traditional access control models protect data from the malicious activities of outside users but cannot protect the data from insiders. They cannot easily provide protection for privacy data (Chagarlamudi et al., 2009; Xing et al., 2010;

Sun and Wang, 2011). Research has highlighted that damage caused by insiders, who know the system, is more harmful than that of outsiders (Park and Giordano, 2006; Xing et al., 2010). Moreover, internal users may abuse their role and take advantage of their position in the system. The insider threat is a huge topic in data security and many methods have been proposed to identify misuse behaviour (Yi and Brajendra, 2003; Chinchani et al., 2005;

Chagarlamudi et al., 2009); yet there has been no work by other authors on dynamic updates to access privileges in relation to trust for XML databases.

Trust Based Access Control is established and used in many areas, such as networks and virtual organisations. It depends on a trust management system, which automatically calculates and updates the Trust Values of users. Trust Values rely on users’ behaviours, histories, credit, and operations. Users can access resources through Trust Values and levels (Cahill et al., 2003; Bhatti et al., 2004; Almenarez et al., 2006; Lin et al., 2006; Feng et al., 2008; Ma et al., 2008; Lang et al., 2009; Xing et al., 2010; Farooqi and North, 2011a; Farooqi and North, 2011b; Singh, 2011; Farooqi and North, 2012c; Farooqi and North,

55

2012a; Farooqi and North, 2012b; Farooqi and North, 2012d; Farooqi and North, 2013). This was discussed in more detail in Chapter 4.