Keywords: Access Control Policy, Application Profile, Collaborative Application, Data Access, Data Security, Programming Language, Relational Database Management System, Role Based Access Control, Security Requirements, Social Network, Software Systems, Type System, web-based system, Access Control, Multi User
Type-based Access Control in Data-Centric Systems
Luís Caires, Jorge A. Perez, Joao Costa Seco, Hugo Torres Vieira
Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.

Data-centric multi-user software systems are a pervasive class of software applications, where transactions manipulate information stored in a shared database on behalf of several different users, playing several different roles. In the case of web-based systems, of which common examples are collaborative applications or social networks, the number of users may be extremely large, and the security requirements critical. Indeed, such systems require very flexible yet fine-grained data security mechanisms, including dynamic, role-based access control. Moreover, web applications are usually developed and executed in heterogeneous multiple-tier environments. Access control to data in such environments is typically performed at runtime by specially crafted security code, which mediates between the application code and the relational database management system. Such a security layer is hard to construct, error prone, and may easily cause severe security breaches. To make things a bit harder, access control policies are usually dependent on stored data and meta-data, and highly dynamic. Addressing such security requirements is frequently hindered by the expressiveness gap that exists between the required access control policies at the application side, and the actual security mechanisms provided by database engines. Properly mapping the access control policies defined at the application side into associated database mechanisms is often difficult, if not impossible, also because multiple application profiles should be related to only a few database profiles. As an unfortunate side result, the enforcement of access control policies at the database level is kept to a minimum, promoting security breaches, as a consequence of the lack of protection between layers. It is therefore important to identify new verification methods to prevent programmers from inadvertently violating access control constraints in such common scenarios of permission-based data-centric security.
Conference: European Symposium on Programming - ESOP, pp. 136-155, 2011
DOI: 10.1007/978-3-642-19718-5_8