Intelligent Enforcement of Fine-Grained Access Control Policies for SQL Queries
Máster Interuniversitario en Métodos Formales en Ingeniería Informática
Recently, we proposed a model-driven methodology to support fine-grained access
control (FGAC) at the database level. More specifically, we defined a model transformation function that inputs SQL queries and generates so-called security-aware
SQL stored-procedures. As part of the proposal, we developed an application prototype, called SQL Security Injector (SQLSI). In a nutshell, given an FGAC policy
S, a user u, with role r, and a query q, SQLSI automatically generates a stored-procedure sp, such that: if the user u is authorized, according to the FGAC policy
S, to execute the query q, then calling the stored-procedure sp will return the same
result as executing the query q; otherwise, calling the stored-procedure sp will signal
an error.
As expected, there is a performance overhead when executing an (unsecured)
SQL query via the corresponding (secured) stored-procedure generated by SQLSI.
The reason is clear: FGAC policies require performing authorization checks on
the current state of the system, which, in the case of executing SQL queries, will
translate into performing authorization checks at execution-time on the database.
SQLSI takes care of generating these checks and makes sure that they are called
at execution-time when a protected resource is accessed. There are cases, however,
where these authorization checks are unnecessary, and, therefore, the performance
overhead can and should be avoided. For example: when the database integrity constraints guarantee that these checks will always be successful; or, when the current
state of the database guarantees that these checks will be successful in this state.
In this thesis, I propose to develop a formal, model-based methodology for enforcing FGAC policies when executing SQL queries in a smart, efficient way. First of all,
I identify situations in which performing authorization checks when executing SQL
queries seems unnecessary, based on the invariants of the underlying data model, or
based on the known properties of the given scenario, or based on the known properties of the arguments of the given query. Secondly, I formally prove that performing
authorization checks when executing SQL queries in these situations is indeed unnecessary. Thirdly, I develop a tool for detecting unnecessary authorization checks
when executing SQL queries.
Finalised dependability framework and evaluation results
The ambitious aim of CONNECT is to achieve universal interoperability between heterogeneous Networked Systems by means of on-the-fly synthesis of the CONNECTors through which they communicate. The goal of WP5 within CONNECT is to ensure that the non-functional properties required at each side of the connection that is going to be established are fulfilled, including dependability, performance, security and trust, or, in one overarching term, CONNECTability. To model such properties, we have introduced the CPMM meta-model, which establishes the relevant concepts and their relations, and also includes a Complex Event language to express the behaviour associated with the specified properties. Over the four years of the project, we have developed approaches for assuring CONNECTability both at synthesis time and at run-time. Within the CONNECT architecture, these approaches are supported by the following enablers: the Dependability and Performance analysis Enabler, which is implemented in a modular architecture supporting stochastic verification and state-based analysis (dependability and performance analysis also relies on approaches for incremental verification to adjust CONNECTor parameters at run-time); the Security Enabler, which implements a Security-by-Contract-with-Trust framework to guarantee the expected security policies and enforce them according to the level of trust; and the Trust Manager, which implements a model-based approach to mediate between different trust models and ensure interoperable trust management. The enablers have been integrated within the CONNECT architecture, and in particular can interact with the CONNECT event-based monitoring enabler (the GLIMPSE Enabler released within WP4) for run-time analysis and verification. To support a model-driven approach in the interaction with the monitor, we have developed a CPMM editor and a translator from CPMM to the GLIMPSE native language (Drools).
In this document, the final deliverable from WP5, we first present the latest advances of the fourth year concerning CPMM, Dependability & Performance Analysis, Incremental Verification and Security. Then, we give an overall summary of the main achievements over the whole project lifecycle. In the appendix we also include some relevant articles specifically focussing on CONNECTability that have been prepared in the last period.