TY  - CHAP
ID  - eprints2719
PB  - Springer
UR  - http://dx.doi.org/10.1007/978-3-642-19718-5_8
EP  - 155
AV  - public
SN  - 978-3-642-19718-5
T2  - Programming Languages and Systems
SP  - 136
Y1  - 2011///
T3  - Lecture Notes in Computer Science
N2  - Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.
N1  - Proceedings of the 20th European Symposium on Programming, ESOP 2011, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2011, Saarbrücken, Germany, March 26?April 3, 2011
TI  - Type-based access control in data-centric systems
A1  - Caires, Luis
A1  - Pérez, Jorge A.
A1  - Seco, João C.
A1  - Torres Vieira, Hugo 
A1  - Ferrão, Lúcio
ER  -