Secure, dynamic and distributed access control stack for database applications

Bibliographic details
Main author: Pereira, Óscar Mortágua
Publication date: 2015
Other authors: Regateiro, Diogo Domingues, Aguiar, Rui L.
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Full text: http://hdl.handle.net/10773/16173
Abstract: In database applications, access control security layers are mostly developed from tools provided by vendors of database management systems and deployed on the same servers that contain the data to be protected. This solution entails several drawbacks. Among them we emphasize: 1) if policies are complex, their enforcement can lead to performance decay of database servers; 2) when modifications in the established policies imply modifications in the business logic (usually deployed at the client side), there is no other possibility than to modify the business logic in advance; and, finally, 3) malicious users can systematically issue CRUD expressions against the DBMS, expecting to identify any security gap. In order to overcome these drawbacks, in this paper we propose an access control stack characterized by: most of the mechanisms are deployed at the client side; whenever security policies evolve, the security mechanisms are automatically updated at runtime; and, finally, client-side applications do not handle CRUD expressions directly. We also present an implementation of the proposed stack to prove its feasibility. This paper presents a new approach to enforcing access control in database applications and thereby aims to contribute positively to the state of the art in the field.
Keywords: Information security; Access control; Database; SQL; Software architecture
Publisher: Knowledge Systems Institute
Document type: conference object (published version)
Format: application/pdf
Publication date: 2015-07-06
Deposited in repository: 2016-09-30
ISSN: 2325-9000; 2325-9086
DOI: 10.18293/SEKE2015-049
Rights: open access