Top

Published in:

2016 | OriginalPaper | Chapter

Idea: Supporting Policy-Based Access Control on Database Systems

Authors : Jasper Bogaerts, Bert Lagaisse, Wouter Joosen

Published in: Engineering Secure Software and Systems

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Applications are increasingly operating on large data sets. This trend creates problems for access control, which in principle restricts the actions that subjects can perform on any item in that data set. Performance issues therefore emerge, typically for operations on entire data sets. Emerging access control models such as attribute-based access control do meet their limitations in this context. Worse, few solutions exist that addresses performance problems while supporting separation of concerns. In this paper, we present a first approach towards addressing this challenge. We propose a middleware architecture that performs policy transformations and query rewriting for externalized policies to optimize the access control process on the data set. We argue that this offers a promising approach for reducing the policy evaluation overhead for access control on large data sets.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Inferring Semantic Mapping Between Policies and Code: The Clue is in the Language

next chapter Idea: Enforcing Security Properties by Solving Behavioural Equations

Java Database Connectivity, see also http://www.oracle.com/technetwork/java/overview-141217.html.

Java Persistence API, see also http://www.oracle.com/technetwork/java/javaee/tech/persistence-jsp-140049.html.

Oracle Virtual Private Database (VPD). http://docs.oracle.com/cd/B28359_01/network.111/b28531/vpd.htm. (Accessed 02 September 2015)

Axiomatics. Data Access Filter (ADAF). http://www.axiomatics.com/solutions/products/authorization-for-databases/197-axiomatics-data-access-filter-adaf.html. (Accessed 2 October 2015)

Bertino, E., Sandhu, R.: Database security-concepts, approaches, and challenges. IEEE Trans. Dependable Secure Comput. 2(1), 2–19 (2005)CrossRef

Bogaerts, J., Decat, M., Lagaisse, B., Joosen, W.: Control, entity-based access: supporting more expressive access control policies. In: Proceedings of the 31st Annual Computer Security Applications Conference (2015)

Carminati, B., Ferrari, E., Cao, J., Tan, K.L.: A framework to enforce access control over data streams. In: ACM TISSEC (2010)

Cook, W.R., Rai, S., Safe query objects: statically typed objects as remotely executable queries. In: 27th International Conference on Software Engineering, ICSE, Proceedings, pp. 97–106. IEEE (2005)

De Win, B., Piessens, F., Joosen, W., Verhanneman, T.: On the importance of the separation-of-concerns principle in secure software engineering. In: Workshop on the Application of Engineering Principles to System Security Design (2002)

Decat, M., Bogaerts, J., Lagaisse, B., Joosen, W.: Amusa: middleware for efficient access control management of multi-tenant SaaS applications. In: Proceedings of the 30th Annual ACM Symposium on Applied Computing. ACM (2015)

Gay, R., Hu, J., Mantel, H.: CliSeAu: securing distributed java programs by cooperative dynamic enforcement. In: Prakash, A., Shyamasundar, R. (eds.) ICISS 2014. LNCS, vol. 8880, pp. 378–398. Springer, Heidelberg (2014)

10.

Grummt, E., Müller, M.: Fine-grained access control for EPC information services. In: Floerkemeier, C., Langheinrich, M., Fleisch, E., Mattern, F., Sarma, S.E. (eds.) IOT 2008. LNCS, vol. 4952, pp. 35–49. Springer, Heidelberg (2008)CrossRef

11.

Hu, V., Ferraiolo, D., Kuhn, R., Schnitzer, A., Sandlin, K., Miller, R., Scarfone, K.: Guide to Attribute Based Access Control (ABAC) Definition and Considerations. NIST Special Publication (2014)

12.

Mell, P., Grance, T.: The NIST definition of cloud computing. In: NIST (2009)

13.

Moeys, J., Decat, M.: Simple Tree-structured Attribute-based Policy Language (STAPL). https://github.com/stapl-dsl. (Accessed 2 October 2015)

14.

OASIS. eXtensible Access Control Markup Language (XACML) Standard v3.0 (2013). http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf

15.

Olson, L.E., Gunter, C.A., Cook, W.R., Winslett, M.: Implementing reflective access control in SQL. In: Gudes, E., Vaidya, J. (eds.) Data and Applications Security XXIII. LNCS, vol. 5645, pp. 17–32. Springer, Heidelberg (2009)CrossRef

16.

Opyrchal, L., Cooper, J., Poyar, R., Lenahan, B., Zeinner, D.: Bouncer: policy-based fine grained access control in large databases. Int. J. Secur. Appl. 5(2), 1–16 (2011)

17.

Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. Commun. ACM 49(9), 39–44 (2006)CrossRef

18.

Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending query rewriting techniques for fine-grained access control. In: SIGMOD Conference on Management of data. ACM (2004)

19.

Roichman, A., Gudes, E.: Fine-grained access control to web databases. In: Symposium on Access Control Models and Technologies. ACM (2007)

20.

Samarati, P., Vimercati, S., Control, A.: Policies, models, and mechanisms. In: Foundations of Security Analysis and Design, pp. 137–196 (2001)

21.

Turkmen, F., Crispo, B.: Performance evaluation of XACML PDP implementations. In: Workshop on Secure Web Services. ACM (2008)

22.

Vollbrecht, J., Calhoun, P., Farrell, S., Gommans, L., Gross, G., de Bruijn, B., de Laat, C., Holdrege, M., Spence, D.: RFC 2904: AAA Authorization Framework, August 2000

Title: Idea: Supporting Policy-Based Access Control on Database Systems
Authors: Jasper Bogaerts
Bert Lagaisse
Wouter Joosen
Publisher: Springer International Publishing
Book: Engineering Secure Software and Systems
Print ISBN: 978-3-319-30805-0

Electronic ISBN: 978-3-319-30806-7

Copyright Year: 2016
DOI: https://doi.org/10.1007/978-3-319-30806-7_16

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner