DATABASE-SECURITY - RESEARCH AND PRACTICE

As an increasing number of organizations become dependent on access to their data over the Internet, the need for adequate security measures is becoming more and more critical. The most popular security measure these days is a firewall. However, a firewall is not immune to penetr ation, and it does not provide any protection of internal resources fr om insiders and successful intruders. One of the requirements for the protection of internal resources is access control to ensure that all accesses are authorized according to some specified policy. In this pa per, we survey the state of the art in access control for database sys tems, discuss the main research issues, and outline possible direction s for future research.