Type-Based Access Control in Data-Centric Systems

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Citations (Scopus)

Abstract

Data-centric multi-user systems, such as web applications, require flexible yet finegraineddata security mechanisms. Such mechanisms are usually enforced by a speciallycrafted security layer, which adds extra complexity and often leads to error prone coding,easily causing severe security breaches. In this paper, we introduce a programminglanguage approach for enforcing access control policies to data in data-centric programsby static typing. Our development is based on the general concept of refinement type,but extended so as to address realistic and challenging scenarios of permission-baseddata security, in which policies dynamically depend on the database state, and flexiblecombinations of column- and row-level protection of data are necessary. We state andprove soundness and safety of our type system, stating that well-typed programs neverbreak the declared data access control policies.
Original languageUnknown
Title of host publicationLecture Notes in Computer Science (LNCS)
Pages136-155
DOIs
Publication statusPublished - 1 Jan 2011
EventEuropean conference on Programming languages and systems -
Duration: 1 Jan 2011 → …

Conference

ConferenceEuropean conference on Programming languages and systems
Period1/01/11 → …

Cite this