Please use this identifier to cite or link to this item:
http://hdl.handle.net/10773/12594
Title: | Runtime values driven by access control policies: statically enforced at the level of relational business tiers |
Author: | Pereira, Óscar Mortágua Aguiar, Rui L. Santos, Maribel Yasmina |
Keywords: | Information security Access control Database Business tiers Software architecture |
Issue Date: | 27-Jun-2013 |
Publisher: | Knowledge Systems Institute |
Abstract: | Access control is a key challenge in software engineering, especially in relational database applications. Current access control techniques are based on additional security layers designed by security experts. These additional security layers do not take into account the necessary business logic leading to a separation between business tiers and access control mechanisms. Moreover, business tiers are built from commercial tools (ex: Hibernate, JDBC, ODBC, LINQ), which are not tailored to deal with security aspects. To overcome this situation several proposals have been presented. In spite of their relevance, they do not support the enforcement of access control policies at the level of the runtime values that are used to interact with protected data. Runtime values are critical entities because they play a key role in the process of defining which data is accessed. In this paper, we present a general technique for static checking, at the business tier level, the runtime values that are used to interact with databases and in accordance with the established access control policies. The technique is applicable to CRUD (create, read, update and delete) expressions and also to actions (update and insert) that are executed on data retrieved by Select expressions. A proof of concept is also presented. It uses an access control platform previously developed, which lacks the key issue of this paper. The collected results show that the presented approach is an effective solution to enforce access control policies at the level of runtime values that are used to interact with data residing in relational databases. |
Peer review: | yes |
URI: | http://hdl.handle.net/10773/12594 |
ISBN: | 1-891706-33-0 978-1-891706-33-2 |
ISSN: | 2325-9000 |
Publisher Version: | http://www.ksi.edu/seke/seke13.html |
Appears in Collections: | DETI - Comunicações |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
2013-06-27 (SEKE - Boston - USA) Runtime Values Driven by Access Control Policies Statically Enforced at the Level of the Relational Business Tiers.pdf | Documento principal | 327.68 kB | Adobe PDF | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.