CITI has stopped operations in 2014, to co-launch NOVA LINCS THIS SITE IS NOT BEING UPDATED SINCE 2013
citi banner
  Home  \  Seminars @ CITI  \  Seminar Page Login  
banner bottom
File Top
Type-based Access Control in Data-Centric Systems
{ Wed, 8 Jun 2011, 14h00 }

By: João Costa Seco

Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this talk, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing.

Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary.

We present our type system and corresponding safety properties that ensure that well-typed programs never break the declared data access control policies. We also present a prototype of a development environment for web applications that includes an implementation of our type system.

(joint work with: Luís Caires, Hugo T. Vieira, Jorge A. Perez, Lucio Ferrão, Luísa Lourenço and Miguel Domingues )

Hosted by: Software Systems

Location: DI seminars room

File Bottom