Publication detail

Advanced access control system for multi-tier server applications

CVRK, L. VRBA, V. MOLNÁR, K.

Original Title

Advanced access control system for multi-tier server applications

Type

conference paper

Language

en

Original Abstract

Server applications are one of the most important components of applications which use multi-tier architecture. These servers need to handle access of users. Access control logic is usually implemented directly inside an object which is responsible for performing required operations over the data. The object verifies access to its methods and permits or denies the operation. But systems usually consist of many such objects with different missions. All of these objects require a similar access control system. This makes a greater overhead because access control verification must be coded inside all those objects. If in this approach a programmer forgets to verify some of the required rights in the code, then the system may encounter a forbidden data access. This article deals with that topic and designs a unified database layer working over relational databases. Benefits of this layer are strong simplification of the access control system and impossibility to access data without permissions.

Keywords

database, SQL, access control, DBMS abstraction

RIV year

2007

Released

20.04.2007

Publisher

IEEE Computer Society

Location

Sainte-Luce

ISBN

0-7695-2807-4

Book

Proceeding of the Second International Conference on Systems

Edition number

1.

Pages from

1

Pages to

6

Pages count

6

BibTex


@inproceedings{BUT22797,
  author="Lubomír {Cvrk} and Vít {Vrba} and Karol {Molnár}",
  title="Advanced access control system for multi-tier server applications",
  annote="Server applications are one of the most important components of applications which use multi-tier architecture. These servers need to handle access of users. Access control logic is usually implemented directly inside an object which is responsible for performing required operations over the data. The object verifies access to its methods and permits or denies the operation. But systems usually consist of many such objects with different missions. All of these objects require a similar access control system. This makes a greater overhead because access control verification must be coded inside all those objects. If in this approach a programmer forgets to verify some of the required rights in the code, then the system may encounter a forbidden data access. This article deals with that topic and designs a unified database layer working over relational databases. Benefits of this layer are strong simplification of the access control system and impossibility to access data without permissions.",
  address="IEEE Computer Society",
  booktitle="Proceeding of the Second International Conference on Systems",
  chapter="22797",
  institution="IEEE Computer Society",
  year="2007",
  month="april",
  pages="1",
  publisher="IEEE Computer Society",
  type="conference paper"
}