Paul Douglas

RBAC Policy Implementation for SQL Databases

We show how specifications of role-based access control (RBAC) and temporal role-based access control (TRBAC) policies in a logic language may be used in practical implementations of access control policies for protecting the information in SQL databases from unauthorized retrieval and update requests. Performance results for an implementation of a variety of RBAC policies for protecting an SQL databases and some optimization methods that may be used in implementations are described.

Dependency theory e-learning tool

In this paper, we describe an e-learning tool that we have developed to assist University students studying relational schema design. The tool employs expert system techniques to create a learning environment in which students can explore the concepts of dependency theory, and the normalization process. The tool is able to respond in an individualistic way to student input and allows students to construct their own learning environment and develop their understanding of the material at a pace that is controlled by the individual student. Our formative and summative tests indicate that the tool provides students with a different and valuable type of learning experience when compared with a traditional, textbook-based approach.

IMPLEMENTING RBAC POLICIES

We show how role-based access control (RBAC) and temporal RBAC (TRBAC) policies may be formally represented and translated into PL/SQL code to implement practical access control policies to protect Oracle SQL databases. Performance results for an implementation of a TRBAC policy in PL/SQL are presented.

Automatic Creation of Computer Forensic Test Images

This paper investigates the possibilities for the automatic creation of scenario-based test file images for computer forensics testing purposes, and goes on to discuss and review a tool developed for this task. The tool creates NTFS images based on user-selectable data hiding and timeline management. In this paper we document both the creation of the tool and report on its use in a variety of test situations.

Protecting federated databases using a practical implementation of a formal RBAC policy

This paper describes the use of formally specified RBAC policies for protecting federated relational database systems that are accessed over a wide area network. The method that is described combines a formally specified RBAC policy with both temporal and locational constraints. It does not depend on any security mechanism supported by a specific DBMS and is thus portable across platforms.

The Un-Structured Student

SQL (Structured Query Language) is intended to liberate users from the complex syntax, complex semantics and complex memory management that would be required of a procedural approach to relational database manipulation, and so allow users to concentrate on problem-solving. However, students still have problems with language features, program concepts and the legacy of their prior learning. This paper aims to assist lecturers teaching SQL.We present typical student mistakes, attempt to explain why these mistakes arise, and propose possible remedies.

An intelligent tutoring system for program semantics

In this paper, the authors described an item of e-learning software that is intended to help students taking university computer science courses to understand the fundamentals of logic programming and deductive database semantics. The software is implemented in PROLOG and empowers students to explore their understanding of the semantics of logic programs and deductive databases. The software is also able to intelligently diagnose student misconceptions and includes a number of example programs/databases that permit students to test their understanding. The development and evaluation of the software was described, and details of the analysis of the results of the investigation was presented into the effectiveness of the e-learning tool. The results of the field study of the e-learning tool suggest that it of value in helping students to understand program and database semantics.

An e-learning tool for understanding schedule properties

In this paper, we describe an e-learning tool that we have developed to assist university students studying various modules on database systems. We use the acronym DTST (database transaction schedule testing) to refer to our learning tool. DTST enables students to actively construct their own learning environment, it can respond in an individualistic way to student input, and it has a built-in Web interface that makes it widely accessible. Field tests conducted on DTST suggest that it provides students with a different and valuable type of learning experience that traditional methods do not provide.