Please use this identifier to cite or link to this item:
Title: Secure, dynamic and distributed access control stack for database applications
Author: Pereira, Óscar Mortágua
Regateiro, Diogo Domingues
Aguiar, Rui L.
Keywords: Information security
Access control
Software architecture
Issue Date: Dec-2015
Publisher: World Scientific Publishing
Abstract: In database applications, access control security layers are mostly developed from tools provided by vendors of database management systems and deployed in the same servers containing the data to be protected. This solution conveys several drawbacks. Among them we emphasize: (1) if policies are complex, their enforcement can lead to performance decay of database servers; (2) when modifications in the established policies implies modifications in the business logic (usually deployed at the client-side), there is no other possibility than modify the business logic in advance and, finally, 3) malicious users can issue CRUD expressions systematically against the DBMS expecting to identify any security gap. In order to overcome these drawbacks, in this paper we propose an access control stack characterized by: most of the mechanisms are deployed at the client-side; whenever security policies evolve, the security mechanisms are automatically updated at runtime and, finally, client-side applications do not handle CRUD expressions directly. We also present an implementation of the proposed stack to prove its feasibility. This paper presents a new approach to enforce access control in database applications, this way expecting to contribute positively to the state of the art in the field.
Peer review: yes
DOI: 10.1142/S0218194015710035
ISSN: 0218-1940
Appears in Collections:DETI - Artigos

Files in This Item:
File Description SizeFormat 
(JA) - 2015-12-01 (IJSEKE - Journal) Secure, Dynamic and Distributed Access Control Stack for Database Applications.pdfDocumento principal147.2 kBAdobe PDFrestrictedAccess

Formato BibTex MendeleyEndnote Degois 

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.