DocumentCode
2717739
Title
Fine grained access rights definition in a three tiered information system
Author
Bednárek, David ; Yaghob, Jakub ; Zavoral, Filip
Author_Institution
Fac. of Math. & Phys., Charles Univ. in Prague, Prague
fYear
2008
fDate
16-18 Dec. 2008
Firstpage
252
Lastpage
256
Abstract
Three-tiered information systems often use application-level authentication and authorization schemes. In these architectures, a successful attack on the application server layer gives the attacker unlimited access to the database. The proposed solution to this problem is based on a set of views that employ session-scope data to determine the effective user rights. These views are generated from a formal description of user and group access-rights rules using an XSLT-based generator. In this system, an attacker would see only empty views even if he gained full access to the application server. Such a system was successfully implemented and deployed in a large DataPile system with more than 50,000 users with different access rights.
Keywords
XML; authorisation; message authentication; relational databases; application server layer; application-level authentication; authorization scheme; extensible stylesheet language transformations-based generator; fine grained access right; relational database; session-scope data; three tiered information system; Access control; Authentication; Authorization; Data security; Databases; Information systems; Mathematics; Permission; Physics; Web server;
fLanguage
English
Publisher
ieee
Conference_Titel
Innovations in Information Technology, 2008. IIT 2008. International Conference on
Conference_Location
Al Ain
Print_ISBN
978-1-4244-3396-4
Electronic_ISBN
978-1-4244-3397-1
Type
conf
DOI
10.1109/INNOVATIONS.2008.4781708
Filename
4781708