Utilize este identificador para referenciar este registo:
http://hdl.handle.net/10773/12831
Título: | Distributed and typed role-based access control mechanisms driven by CRUD expressions |
Autor: | Pereira, Óscar Mortágua Regateiro, Diogo Aguiar, Rui L. |
Palavras-chave: | RBAC Access control Information security Software architecture Middleware Distributed systems Relational databases |
Data: | 30-Out-2014 |
Editora: | ORB - Academic Publisher |
Resumo: | Business logics of relational databases applications are an important source of security violations, namely in respect to access control. The situation is particularly critical when access control policies are many and complex. In these cases, programmers of business logics can hardly master the established access control policies. Now we consider situations where business logics are built with tools such as JDBC and ODBC. These tools convey two sources of security threats: 1) the use of unauthorized Create, Read, Update and Delete (CRUD) expressions and also 2) the modification of data previously retrieved by Select statements. To overcome this security gap when Role-based access control policies are used, we propose an extension to the basic model in order to control the two sources of security threats. Finally, we present a software architectural model from which distributed and typed RBAC mechanisms are automatically built, this way relieving programmers from mastering any security schema. We demonstrate empirical evidence of the effectiveness of our proposal from a use case based on Java and JDBC. |
Peer review: | yes |
URI: | http://hdl.handle.net/10773/12831 |
ISSN: | 2336-0984 |
Versão do Editor: | http://www.orb-academic.org/index.php/journal-of-computer-science/article/view/35 |
Aparece nas coleções: | DETI - Artigos |
Ficheiros deste registo:
Ficheiro | Descrição | Tamanho | Formato | |
---|---|---|---|---|
2014-10-30 (IJCSTA - Journal) Distributed and Typed Role-based Access Control Mechanisms Driven by CRUD Expressions.pdf | Documento principa | 1.02 MB | Adobe PDF | Ver/Abrir |
Todos os registos no repositório estão protegidos por leis de copyright, com todos os direitos reservados.