eprintid: 2719
rev_number: 8
eprint_status: archive
userid: 59
dir: disk0/00/00/27/19
datestamp: 2015-06-25 12:52:14
lastmod: 2015-06-25 12:52:14
status_changed: 2015-06-25 12:52:14
type: book_section
succeeds: 2316
metadata_visibility: show
creators_name: Caires, Luis
creators_name: Pérez, Jorge A.
creators_name: Seco, João C.
creators_name: Torres Vieira, Hugo 
creators_name: Ferrão, Lúcio
creators_id: 
creators_id: 
creators_id: 
creators_id: hugo.torresvieira@imtlucca.it
creators_id: 
title: Type-based access control in data-centric systems
ispublished: pub
subjects: QA75
divisions: CSA
full_text_status: public
note: Proceedings of the 20th European Symposium on Programming, ESOP 2011, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2011, Saarbrücken, Germany, March 26–April 3, 2011
abstract: Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.
date: 2011
series: Lecture Notes in Computer Science
number: 6602
publisher: Springer
pagerange: 136-155
id_number: 10.1007/978-3-642-19718-5_8
refereed: TRUE
isbn: 978-3-642-19718-5
book_title: Programming Languages and Systems
official_url: http://dx.doi.org/10.1007/978-3-642-19718-5_8
citation:   Caires, Luis and Pérez, Jorge A. and Seco, João C. and Torres Vieira, Hugo  and Ferrão, Lúcio  Type-based access control in data-centric systems.   In:  Programming Languages and Systems.   Lecture Notes in Computer Science  (6602).  Springer, pp. 136-155.  ISBN 978-3-642-19718-5      (2011)  
document_url: http://eprints.imtlucca.it/2719/1/tbac.pdf