TY  - CHAP
Y1  - 2011///
AV  - public
TI  - Type-based access control in data-centric systems
UR  - http://dx.doi.org/10.1007/978-3-642-19718-5_8
PB  - Springer
SN  - 978-3-642-19718-5
A1  - Caires, Luis
A1  - Pérez, Jorge A.
A1  - Seco, João C.
A1  - Torres Vieira, Hugo 
A1  - Ferrão, Lúcio
N2  - Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.
SP  - 136
T3  - Lecture Notes in Computer Science
N1  - Proceedings of the 20th European Symposium on Programming, ESOP 2011, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2011, Saarbrücken, Germany, March 26?April 3, 2011
ID  - eprints2719
T2  - Programming Languages and Systems
EP  - 155
ER  -