Abstract
s organizations increase their reliance on, possibly distributed, information systems for daily business, they become more
vulnerable to security breaches even as they gain productivity and efficiency advantages. Though a number of techniques, such as
encryption and electronic signatures, are currently available to protect data when transmitted across sites, a truly comprehensive
approach for data protection must also include mechanisms for enforcing access control policies based on data contents, subject
qualifications and characteristics, and other relevant contextual information, such as time. It is well understood today that the
semantics of data must be taken into account in order to specify effective access control policies. Also, techniques for data integrity
and availability specifically tailored to database systems must be adopted. In this respect, over the years the database security
community has developed a number of different techniques and approaches to assure data confidentiality, integrity, and availability.
However, despite such advances, the database security area faces several new challenges. Factors such as the evolution of security
concerns, the
Keywords
Data confindentiality, data privacy, relational and object databases, XML.