Type-Based Access Control in Data-Centric Systems

Hugo Filipe Mendes Torres Vieira; Luís Manuel Marques da Costa Caires; João Ricardo Viegas da Costa Seco

doi:10.1007/978-3-642-19718-5_8

Type-Based Access Control in Data-Centric Systems

Hugo Filipe Mendes Torres Vieira, Luís Manuel Marques da Costa Caires, João Ricardo Viegas da Costa Seco

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

12 Citations (Scopus)

Abstract

Data-centric multi-user systems, such as web applications, require flexible yet finegraineddata security mechanisms. Such mechanisms are usually enforced by a speciallycrafted security layer, which adds extra complexity and often leads to error prone coding,easily causing severe security breaches. In this paper, we introduce a programminglanguage approach for enforcing access control policies to data in data-centric programsby static typing. Our development is based on the general concept of refinement type,but extended so as to address realistic and challenging scenarios of permission-baseddata security, in which policies dynamically depend on the database state, and flexiblecombinations of column- and row-level protection of data are necessary. We state andprove soundness and safety of our type system, stating that well-typed programs neverbreak the declared data access control policies.

Original language	Unknown
Title of host publication	Lecture Notes in Computer Science (LNCS)
Pages	136-155
DOIs	https://doi.org/10.1007/978-3-642-19718-5_8
Publication status	Published - 1 Jan 2011
Event	European conference on Programming languages and systems - Duration: 1 Jan 2011 → …

Conference

Conference	European conference on Programming languages and systems
Period	1/01/11 → …

Access to Document

10.1007/978-3-642-19718-5_8

Cite this

@inproceedings{0b002912607a4fc6ba2283204ef149bb,

title = "Type-Based Access Control in Data-Centric Systems",

abstract = "Data-centric multi-user systems, such as web applications, require flexible yet finegraineddata security mechanisms. Such mechanisms are usually enforced by a speciallycrafted security layer, which adds extra complexity and often leads to error prone coding,easily causing severe security breaches. In this paper, we introduce a programminglanguage approach for enforcing access control policies to data in data-centric programsby static typing. Our development is based on the general concept of refinement type,but extended so as to address realistic and challenging scenarios of permission-baseddata security, in which policies dynamically depend on the database state, and flexiblecombinations of column- and row-level protection of data are necessary. We state andprove soundness and safety of our type system, stating that well-typed programs neverbreak the declared data access control policies.",

author = "Vieira, {Hugo Filipe Mendes Torres} and Caires, {Lu{\'i}s Manuel Marques da Costa} and Seco, {Jo{\~a}o Ricardo Viegas da Costa}",

year = "2011",

month = jan,

day = "1",

doi = "10.1007/978-3-642-19718-5_8",

language = "Unknown",

isbn = "978-3-642-19717-8",

pages = "136--155",

booktitle = "Lecture Notes in Computer Science (LNCS)",

note = "European conference on Programming languages and systems ; Conference date: 01-01-2011",

}

TY - GEN

T1 - Type-Based Access Control in Data-Centric Systems

AU - Vieira, Hugo Filipe Mendes Torres

AU - Caires, Luís Manuel Marques da Costa

AU - Seco, João Ricardo Viegas da Costa

PY - 2011/1/1

Y1 - 2011/1/1

N2 - Data-centric multi-user systems, such as web applications, require flexible yet finegraineddata security mechanisms. Such mechanisms are usually enforced by a speciallycrafted security layer, which adds extra complexity and often leads to error prone coding,easily causing severe security breaches. In this paper, we introduce a programminglanguage approach for enforcing access control policies to data in data-centric programsby static typing. Our development is based on the general concept of refinement type,but extended so as to address realistic and challenging scenarios of permission-baseddata security, in which policies dynamically depend on the database state, and flexiblecombinations of column- and row-level protection of data are necessary. We state andprove soundness and safety of our type system, stating that well-typed programs neverbreak the declared data access control policies.

AB - Data-centric multi-user systems, such as web applications, require flexible yet finegraineddata security mechanisms. Such mechanisms are usually enforced by a speciallycrafted security layer, which adds extra complexity and often leads to error prone coding,easily causing severe security breaches. In this paper, we introduce a programminglanguage approach for enforcing access control policies to data in data-centric programsby static typing. Our development is based on the general concept of refinement type,but extended so as to address realistic and challenging scenarios of permission-baseddata security, in which policies dynamically depend on the database state, and flexiblecombinations of column- and row-level protection of data are necessary. We state andprove soundness and safety of our type system, stating that well-typed programs neverbreak the declared data access control policies.

U2 - 10.1007/978-3-642-19718-5_8

DO - 10.1007/978-3-642-19718-5_8

M3 - Conference contribution

SN - 978-3-642-19717-8

SP - 136

EP - 155

BT - Lecture Notes in Computer Science (LNCS)

T2 - European conference on Programming languages and systems

Y2 - 1 January 2011

ER -