Role-based access control mechanisms: distributed, statically implemented and driven by CRUD expressions

Bibliographic details
Main author: Pereira, Óscar Mortágua
Publication date: 2014
Other authors: Regateiro, Diogo, Aguiar, Rui L.
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Full text: http://hdl.handle.net/10773/13119
Abstract: Most of the security threats in relational database applications originate in client-side systems when they issue requests formalized as Create, Read, Update and Delete (CRUD) expressions. If tools such as ODBC and JDBC are used to develop business logic, there is another source of threats: in some situations the content of data sets retrieved by Select expressions can be modified and then committed to the host databases. These tools are agnostic regarding both database schemas and the established access control policies. This situation can hardly be mastered by programmers of business logic in database applications with many and complex access control policies. To overcome this gap, we extend the basic Role-Based Access Control policy to support and supervise both sources of security threats. This extension is then used to design the corresponding RBAC model. Finally, we present a software architectural model from which static RBAC mechanisms are automatically built, relieving programmers from mastering any schema. We demonstrate empirical evidence of the effectiveness of our proposal with a use case based on Java and JDBC.
Keywords: RBAC, Access control, Information security, Software architecture, Distributed systems, Middleware, Databases
Publisher: IEEE
Document type: Conference object (published version)
DOI: 10.1109/ISCC.2014.6912546
ISSN: 1530-1346
Publication date: 2014-06-23
Deposited: 2015-01-12
Access rights: Open access
Format: application/pdf
OAI identifier: oai:ria.ua.pt:10773/13119
Repository: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação