Abstract |
---|
Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error-prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies. |

Year | Venue | Keywords |
---|---|---|
2011 | ESOP | refinement type, severe security breach, permission-based data security, data access control policy, type-based access control, access control policy, security layer, data-centric system, fine-grained data security mechanism, type system, flexible combination, database state, software systems, social network, relational database management system, access control, role based access control, programming language, data security, data access |

Field | DocType | Volume |
---|---|---|
Database-centric architecture, Permission, Data security, Programming language, Computer science, Computer security, Coding (social sciences), Access control, Web application, Soundness, Computer security model | Conference | 6602 |

ISSN | Citations | PageRank |
---|---|---|
0302-9743 | 2 | 0.37 |

References | Authors |
---|---|
17 | 5 |

Name | Order | Citations | PageRank |
---|---|---|---|
Luís Caires | 1 | 1037 | 63.30 |
Jorge A. Pérez | 2 | 222 | 21.19 |
João Costa Seco | 3 | 71 | 7.36 |
Hugo Torres Vieira | 4 | 134 | 11.17 |
Lúcio Ferrão | 5 | 2 | 0.70 |