relation: http://eprints.imtlucca.it/2719/
title: Type-based access control in data-centric systems
creator: Caires, Luis
creator: Pérez, Jorge A.
creator: Seco, João C.
creator: Torres Vieira, Hugo
creator: Ferrão, Lúcio
subject: QA75 Electronic computers. Computer science
description: Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.
publisher: Springer
date: 2011
type: Book Section
type: PeerReviewed
format: application/pdf
language: en
identifier: http://eprints.imtlucca.it/2719/1/tbac.pdf
identifier: Caires, Luis and Pérez, Jorge A. and Seco, João C. and Torres Vieira, Hugo and Ferrão, Lúcio Type-based access control in data-centric systems. In: Programming Languages and Systems. Lecture Notes in Computer Science (6602). Springer, pp. 136-155. ISBN 978-3-642-19718-5 (2011)
relation: http://dx.doi.org/10.1007/978-3-642-19718-5_8
relation: 10.1007/978-3-642-19718-5_8