Publication detail

Advanced autonomous access control system for web-based server applications

CVRK, L., VRBA, V., MOLNÁR, K.

Original Title

Advanced autonomous access control system for web-based server applications

Czech Title

Pokročilý autonomní systém řízení přístupu pro serverové aplikace ve webovém prostředí

English Title

Advanced autonomous access control system for web-based server applications

Type

conference paper

Language

en

Original Abstract

The number of the server applications in the world is rapidly increasing. Many of them need to handle user access. A typical approach is to implement access control logic directly into an object which is responsible for storing and retrieving the data and performing required operations over the data. The object checks access to appropriate methods and permits or denies required operation. But the systems are usually constructed from many such objects which require similar access control system. This leads to a greater overhead because access control checking must be coded inside all those objects. More code brings more bugs into the system moreover if a programmer simply forgets to verify some of required rights in the code then the system may encounter a forbidden data access. This article deals with that problem area and designs a unified database layer operating over relation database management systems. Key benefits it brings are strong simplification of the access control system from the point of view of the application code and impossibility to access data without permissions.

Czech abstract

Množství serverových aplikací na světě prudce narůstá. Velká většina z nich musí řešit správu a řízení přístupu uživatelů. Typickým přístupem k řešení tohoto problému je implementovat řízení přístupu přímo do objektu, který je zodpovědný za ukládání a načítání dat a provádění operací nad daty. Tento objekt ověří práva přístupu ke konkrétním metodám a povolí či zakáže provedení požadované operace. Ale systémy jsou obvykle složeny z mnoha takových objektů, které vyžadují obdobný systém řízení přístupu. To vede k větší režii neboť ověřování přístupu musí být naprogramováno v rámci všech těchto objektů. Je známo, že více kódu vedek zavedení více chyb do systému, navíc programátor může pouze zapomenout provést potřebné ověření přístupu, čímž do systému zavede chybu, jejíž zneužití vede k neoprávněnému přístupu k datům. Tento příspěvek se zabývá uvedeným tématem a navrhuje univerzální datovou vrstvu, která pracuje nad systémy řízení báze dat. Hlavní přínosy jsou dramatické zjednodušení systému řízení přístupů z pohledu aplikačního kódu a garance nemožnosti přístupu k datům bez požadovaných přístupových oprávnění.

English abstract

The number of the server applications in the world is rapidly increasing. Many of them need to handle user access. A typical approach is to implement access control logic directly into an object which is responsible for storing and retrieving the data and performing required operations over the data. The object checks access to appropriate methods and permits or denies required operation. But the systems are usually constructed from many such objects which require similar access control system. This leads to a greater overhead because access control checking must be coded inside all those objects. More code brings more bugs into the system moreover if a programmer simply forgets to verify some of required rights in the code then the system may encounter a forbidden data access. This article deals with that problem area and designs a unified database layer operating over relation database management systems. Key benefits it brings are strong simplification of the access control system from the point of view of the application code and impossibility to access data without permissions.

Keywords

access control, SQL, database

RIV year

2007

Released

02.04.2007

Publisher

International Association of Science and Technology for Development

Location

Phuket

ISBN

978-0-88986-656-0

Book

Proceeding of the 3rd International Conference on Advances in Computer Science and Technology

Pages from

1

Pages to

6

Pages count

6

BibTex


@inproceedings{BUT22799,
  author="Lubomír {Cvrk} and Vít {Vrba} and Karol {Molnár}",
  title="Advanced autonomous access control system for web-based server applications",
  annote="The number of the server applications in the world is rapidly increasing. Many of them need to handle user access. A typical approach is to implement access control logic directly into an object which is responsible for storing and retrieving the data and performing required operations over the data. The object checks access to appropriate methods and permits or denies required operation. But the systems are usually constructed from many such objects which require similar access control system. This leads to a greater overhead because access control checking must be coded inside all those objects. More code brings more bugs into the system moreover if a programmer simply forgets to verify some of required rights in the code then the system may encounter a forbidden data access. This article deals with that problem area and designs a unified database layer operating over relation database management systems. Key benefits it brings are strong simplification of the access control system from the point of view of the application code and impossibility to access data without permissions.",
  address="International Association of Science and Technology for Development",
  booktitle="Proceeding of the 3rd International Conference on Advances in Computer Science and Technology",
  chapter="22799",
  institution="International Association of Science and Technology for Development",
  year="2007",
  month="april",
  pages="1",
  publisher="International Association of Science and Technology for Development",
  type="conference paper"
}