Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error-prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.
|Title of host publication||Lecture Notes in Computer Science (LNCS)|
|Publication status||Published - 1 Jan 2011|
|Event||European conference on Programming languages and systems - Duration: 1 Jan 2011 → …|
|Conference||European conference on Programming languages and systems|
|Period||1/01/11 → …|