Publication detail

Advanced access control system for multi-tier server applications

CVRK, L. VRBA, V. MOLNÁR, K.

Original Title

Advanced access control system for multi-tier server applications

Czech Title

Pokročilý systém řízení přístupu pro vícevrstvé serverové aplikace

English Title

Advanced access control system for multi-tier server applications

Type

conference paper

Language

en

Original Abstract

Server applications are one of the most important components of applications which use multi-tire architecture. These servers need to handle access of users. Access control logic is usually implemented directly inside an object which is responsible for performing required operations over the data. The object verifies access to its methods and permits or denies the operation. But systems usually consist of many such objects with different missions. All of these objects require similar access control system. This makes a greater overhead because access control verification must be coded inside all those objects. If in this approach a programmer forgets to verify some of required rights in the code then the system may encounter a forbidden data access. This article deals with that topic and designs a unified database layer working over relation databases. Benefits of this layer are strong simplification of the access control system and impossibility to access data without permissions.

Czech abstract

Serverové aplikace jsou jedněmi z nejdůležitějších komponent v aplikacích, které používají vícevrstvou architekturu. Tyto serverové komponenty musí řešit přístup uživatelů. Logika řízení přístupu bývá obvykle implementována přímo v kódu objektů, které jsou zodpovědné za operace nad daty. Tyto objekty ověřují přístup k jejich metodám a povolují provedné zadané operace. V systémech se nachází mnoho takových objektů s podobným posláním. Všechny tyto objekty realizují obdobný systém řízení přístupu což vede k větší náročnosti na zdroje a je také náchylnější na chyby. Tento článek se zabývá uvedenou problematikou a navrhuje řešení daných problémů ve formě abstrakce od relačního datového zdroje. Výsledné řešení zcela zabraňuje neoprávněnému přístupu k datům.

English abstract

Server applications are one of the most important components of applications which use multi-tire architecture. These servers need to handle access of users. Access control logic is usually implemented directly inside an object which is responsible for performing required operations over the data. The object verifies access to its methods and permits or denies the operation. But systems usually consist of many such objects with different missions. All of these objects require similar access control system. This makes a greater overhead because access control verification must be coded inside all those objects. If in this approach a programmer forgets to verify some of required rights in the code then the system may encounter a forbidden data access. This article deals with that topic and designs a unified database layer working over relation databases. Benefits of this layer are strong simplification of the access control system and impossibility to access data without permissions.

Keywords

database, SQL, access control, DBMS abstraction

RIV year

2007

Released

20.04.2007

Publisher

IEEE Computer Society

Location

Sainte-Luce

ISBN

0-7695-2807-4

Book

Proceeding of the Second International Conference on Systems

Edition number

1.

Pages from

1

Pages to

6

Pages count

6

BibTex


@inproceedings{BUT22797,
  author="Lubomír {Cvrk} and Vít {Vrba} and Karol {Molnár}",
  title="Advanced access control system for multi-tier server applications",
  annote="Server applications are one of the most important components of applications which use multi-tire architecture.  These servers need to handle access of users. Access control logic is usually implemented directly inside an object which is responsible for performing required operations over the data. The object verifies access to its methods and permits or denies the operation. But systems usually consist of many such objects with different missions. All of these objects require similar access control system. This makes a greater overhead because access control verification must be coded inside all those objects. If in this approach a programmer forgets to verify some of required rights in the code then the system may encounter a forbidden data access. This article deals with that topic and designs a unified database layer working over relation databases. Benefits of this layer are strong simplification of the access control system and impossibility to access data without permissions.",
  address="IEEE Computer Society",
  booktitle="Proceeding of the Second International Conference on Systems",
  chapter="22797",
  institution="IEEE Computer Society",
  year="2007",
  month="april",
  pages="1",
  publisher="IEEE Computer Society",
  type="conference paper"
}