Publication
Runtime values driven by access control policies: statically enforced at the level of relational business tiers
| Summary: | Access control is a key challenge in software engineering, especially in relational database applications. Current access control techniques are based on additional security layers designed by security experts. These additional security layers do not take into account the necessary business logic leading to a separation between business tiers and access control mechanisms. Moreover, business tiers are built from commercial tools (ex: Hibernate, JDBC, ODBC, LINQ), which are not tailored to deal with security aspects. To overcome this situation several proposals have been presented. In spite of their relevance, they do not support the enforcement of access control policies at the level of the runtime values that are used to interact with protected data. Runtime values are critical entities because they play a key role in the process of defining which data is accessed. In this paper, we present a general technique for static checking, at the business tier level, the runtime values that are used to interact with databases and in accordance with the established access control policies. The technique is applicable to CRUD (create, read, update and delete) expressions and also to actions (update and insert) that are executed on data retrieved by Select expressions. A proof of concept is also presented. It uses an access control platform previously developed, which lacks the key issue of this paper. The collected results show that the presented approach is an effective solution to enforce access control policies at the level of runtime values that are used to interact with data residing in relational databases. |
|---|---|
| Main Authors: | Pereira, Óscar M. |
| Other Authors: | Aguiar, Rui L.; Santos, Maribel Yasmina |
| Subject: | Security; Access control; Databases; Business tiers; Software architecture; Database |
| Year: | 2013 |
| Country: | Portugal |
| Document type: | conference paper |
| Access type: | open access |
| Associated institution: | Universidade do Minho |
| Language: | English |
| Origin: | RepositóriUM - Universidade do Minho |
Similar Items
article BTA: architecture for reusable business tier components with access control
by: Pereira, Óscar M.
Published: (2012)
article A reusable business tier component with a single wide range static interface
by: Pereira, Óscar M.
Published: (2011)
article Reusable Business Tier Architecture driven by a wide typed service
by: Pereira, Óscar M.
Published: (2013)
article Reusable Business Tier Components: based on CLI and driven by a single wide typed service
by: Pereira, Óscar Mortágua
Published: (2014)
article An adaptable business component based on pre-defined business interfaces
by: Pereira, Óscar M.
Published: (2011)
article ORCA : architecture for business tier components driven by dynamic adaptation and based on call level interfaces
by: Pereira, Óscar M.
Published: (2012)
article ABC architecture: a new approach to build reusable and adaptable business tier components based on static business interfaces
by: Pereira, Óscar M.
Published: (2013)
article CRUD-DOM: a model for bridging the gap between the object-oriented and the relational paradigms : an enhanced performance assessment based on a case study
by: Pereira, Óscar M.
Published: (2011)
groups Accessible tourism through digital accessibility: a systematic literature review
by: Fernández-Díaz, Elena
Published: (2021)
article Query driven sequence pattern mining
by: Azevedo, Paulo J.
Published: (2006)
article Interpreting legislative controls of DNA databases
by: Soares, Filipe de Sá
Published: (2010)
article SafeRegions: performance evaluation of multi-party protocols on HBase
by: Pontes, Rogerio
Published: (2016)
school Top-tier advisors in M&A transactions : they used to matter
by: Silva, Caio Leandro Oliveira Costa da
Published: (2017)
mic Database migration : CLI
by: Ramalho, José Carlos
Published: (2012)
category ProFuelDB : an open-access database of physiological properties of biofuel-producing anaerobic prokaryotes
by: Lourenço, C. P.
Published: (2013)
article Fluency training for struggling readers: examining the effects of a Tier-2 intervention in third graders
by: Cruz, Joana
Published: (2023)
article d'Artagnan: a trusted NoSQL database on untrusted clouds
by: Pontes, Rogerio
Published: (2019)
article Performance trade-offs on a secure multi-party relational database
by: Pontes, Rogério
Published: (2017)
article Beyond relational databases: preserving the data
by: Ramalho, José Carlos
Published: (2020)
groups Public transport travel planning application
by: Correia, Marisol B.
Published: (1999)
school Accelerating deep learning training on high-performance computing with storage tiering
by: Dantas, Marco Filipe Leitão
Published: (2022)
article Visual interactive subgroup discovery with numerical properties of interest
by: Jorge, Alípio M.
Published: (2006)
article New dimension in relational database preservation : raising the abstraction level
by: Freitas, Ricardo André Pereira
Published: (2011)
article Database synchronization model for mobile devices
by: Domingos, João
Published: (2014)
school Determinants of top-tier banking efficiency in Europe : size and ownership
by: Machado, André Cordeiro Costa
Published: (2020)
article Researchers’ information needs in the bibliographic database: a literature review
by: Andrade, Morgana
Published: (2014)
book A Concurrent Tuple Set Architecture for Call Level Interfaces
by: Pereira, Óscar M.
Published: (2013)
article A pervasive approach to a real-time intelligent decision support system in intensive medicine
by: Portela, Filipe
Published: (2013)
article 7to77, A new database querying experience
by: Martins, João
Published: (2015)
article Information needs of researchers in a bibliographic databases environment : a literature review
by: Andrade, Morgana
Published: (2014)
article AKARA: A flexible clustering protocol for demanding transactional workloads
by: Correia, Alfrânio
Published: (2008)
article Mining approximate motifs in time series
by: Azevedo, Paulo J.
Published: (2006)
article Protein sequence pattern mining with constraints
by: Ferreira, Pedro Gabriel
Published: (2005)
article Bidirectional conversion between XML documents and relational data bases
by: Jacinto, Marta Henriques
Published: (2002)
article GORDA: an open architecture for database replication
by: Correia Júnior, Alfrânio Tavares
Published: (2007)
school Gerador de eventos para testes de configurações de um SIEM
by: Mendonça, Nuno Miguel Lobão
Published: (2015)
article Database Preservation Toolkit: a flexible tool to normalize and give access to databases
by: Ramalho, José Carlos
Published: (2014)
article CTSA : Concurrent Tuple Set Architecture Extending Concurrency to Call Level Interfaces
by: Pereira, Óscar Mortágua
Published: (2013)
article ACADA: access control-driven architecture with dynamic adaptation
by: Pereira, Óscar M.
Published: (2012)
article SMEs and family Smes: specificities from the portuguese socio-business context
by: Marques, Ana Paula
Published: (2017)