Fine-Grained Access Control with Object-Sensitive Roles

Fischer, Jeffrey; Marino, Daniel L.; Majumdar, Rupak; Millstein, Todd

doi:10.1007/978-3-642-03013-0_9

Cited by 27 publications

(22 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It has been used to create several interesting typecheckers not anticipated during its design. For instance, in addition to the pluggable type systems presented in this article, recent work by Fischer, Marino, Majumdar, and Millstein [2009] used JAVACOP to implement static checking for a parameterized, role-based access control system that supports fine-grained access policies. The type system includes a form of dependent types and effect checking and makes use of JAVACOP'S dataflow framework to incorporate flow-sensitive reasoning.…”

Section: Discussionmentioning

confidence: 98%

“…This article presents the results of our experiences with four qualitatively different pluggable type systems in JAVACOP . Other uses of JAVACOP have been described elsewhere, including a pluggable type system to enforce safe memory management in the real-time specification for Java [Andreae et al 2006a]; a pluggable type system to enforce fine-grained access control policies [Fischer et al 2009]; and a pluggable type system to enforce safety-critical software standards that has been used by the JSR 302 working group on Safety Critical Java Technology [JSR 302 2006].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

JavaCOP

Markstrum

Marino

Esquivel

et al. 2010

ACM Trans. Program. Lang. Syst.

Self Cite

View full text Add to dashboard Cite

Pluggable types enable users to enforce multiple type systems in one programming language. We have developed a suite of tools, called the JAVACOP framework, that allows developers to create pluggable type systems for Java. JAVACOP provides a simple declarative language in which program constraints are defined over a program's abstract syntax tree. The JAVACOP compiler automatically enforces these constraints on programs during compilation. The JAVACOP framework also includes a dataflow analysis API in order to support type systems which depend on flow-sensitive information. Finally, JAVACOP includes a novel test framework which helps users gain confidence in the correctness of their pluggable type systems. We demonstrate the framework by discussing a number of pluggable type systems which have been implemented in JAVACOP in order to detect errors and enforce strong invariants in programs. These type systems range from general-purpose checkers, such as a type system for nonnull references, to domain-specific ones, such as a checker for conformance to a library's usage rules.

show abstract

Section: Discussionmentioning

confidence: 98%

Section: Introductionmentioning

confidence: 99%

JavaCOP

Markstrum

Marino

Esquivel

et al. 2010

ACM Trans. Program. Lang. Syst.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Then, RMI Proxy Objects are generated in accordance with the established access control policies (they contain the authorized methods only). Fischer et al [16] present a more fine-grained access control, which uses parameterized Annotations to assign roles to methods. These approaches, in contrast with our concept, do not facilitate the access to a relational database because the developers still need to have full knowledge of the database schema and also the authorized accesses to database objects.…”

Section: Related Workmentioning

confidence: 99%

“…We use this Java property to allow hierarchization of roles. Beyond extending the role Role_IRole_A, Role_IRole_B1 comprises two Business Schemas: i_orders (9-10) and s_customers (15)(16). The first Business Schema manages one CRUD expression identified by i_orders_I_Orders_withCustomerID (line 11-12) and the second manages s_customers_S_Customer_all (line 17-18).…”

Section: B Policy Extractormentioning

confidence: 99%

Role-Based Access control mechanisms

Pereira

Regateiro

Aguiar

2014

2014 IEEE Symposium on Computers and Communications (ISCC)

View full text Add to dashboard Cite

Abstract-Most of the security threats in relational database applications have their source in client-side systems when they issue requests formalized by Create, Read, Update and Delete (CRUD) expressions. If tools such as ODBC and JDBC are used to develop business logics, then there is another source of threats. In some situations the content of data sets retrieved by Select expressions can be modified and then committed into the host databases. These tools are agnostic regarding not only database schemas but also regarding the established access control policies. This situation can hardly be mastered by programmers of business logics in database applications with many and complex access control policies. To overcome this gap, we extend the basic Role-Based Access policy to support and supervise the two sources of security threats. This extension is then used to design the correspondent RBAC model. Finally, we present a software architectural model from which static RBAC mechanisms are automatically built, this way relieving programmers from mastering any schema. We demonstrate empirical evidence of the effectiveness of our proposal from a use case based on Java and JDBC.

show abstract

“…In contrast, a typechecker ensures that annotations and code are consistent at compiletime. For example, Object-sensitive Role Based Access Control (ORBAC) [29] uses a typechecker to enforce the security policy that a user cannot read confidential data of other users unless their roles allow him to do so. However, ORBAC does not handle object hierarchy and the role-based protection is not propagated to children objects, although the children may represent confidential data.…”

Section: Related Workmentioning

confidence: 99%

Finding architectural flaws using constraints

Vanciu

Abi-Antoun

2013

2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE)

View full text Add to dashboard Cite

Abstract-During Architectural Risk Analysis (ARA), security architects use a runtime architecture to look for security vulnerabilities that are architectural flaws rather than coding defects. The current ARA process, however, is mostly informal and manual. In this paper, we propose Scoria, a semi-automated approach for finding architectural flaws. Scoria uses a sound, hierarchical object graph with abstract objects and dataflow edges, where edges can refer to nodes in the graph. The architects can augment the object graph with security properties, which can express security information unavailable in code. Scoria allows architects to write queries on the graph in terms of the hierarchy, reachability, and provenance of a dataflow object. Based on the query results, the architects enhance their knowledge of the system security and write expressive constraints. The expressiveness is richer than previous approaches that check only for the presence or absence of communication or do not track a dataflow as an object. To evaluate Scoria, we apply these constraints to several extended examples adapted from the CERT standard for Java to confirm that Scoria can detect injected architectural flaws. Next, we write constraints to enforce an Android security policy and find one architectural flaw in one Android application.

show abstract

Fine-Grained Access Control with Object-Sensitive Roles

Cited by 27 publications

References 24 publications

JavaCOP

JavaCOP

Role-Based Access control mechanisms

Finding architectural flaws using constraints

Contact Info

Product

Resources

About