Enhancing Database Security: A Comprehensive Analysis of Access Control Using NIST Metrics
摘要
Data security in companies is a growing concern. It is not enough to ensure the security of data communication, but also of the database systems where the data persists. In the field of Database Management Systems (DBMS), some mechanisms support the security of these systems, namely, access control. The goal of this paper is to present a study on the access control mechanisms of the latest relational DBMS: Microsoft SQL Server 2022. This DBMS is widely used with great support, making this system one of the most used. Its greater diffusion also makes it one of the main targets of attacks. Its access control mechanisms were assessed and tested using the National Institute of Standards and Technology (NIST) metrics. Moreover, a comparison is presented with a previous version of SQL Server regarding metrics, and another general comparison with the MongoDB DBMS system. The result of this work shows how the chosen database management system, MS SQL Server 2022, supports the main concepts and the most popular access control models, as well as the improvements that this version presents compared to previous ones. The evaluation results support decision makers in choosing whether or not to use the SQL Server 2022 DBMS and also the access control models available for implementation. Therefore, we believe that this work will serve as a basis/guide for DBMS administrators or support in choosing the best system in the context of data security.