6 research outputs found

    Automated creation of data access control rules using DBMS facilities

    To keep the security policy flexible, database applications in an enterprise information system need access control implemented by programming the access mechanism at the level of table rows and columns (Row Level Security). As the number of users and tables in the database grows, this administration process becomes more complex. We propose a method for automated creation of data access control rules using the programmatic facilities of active DBMSs, in order to reduce the number of operations needed to create user data spaces. We propose an algorithm for automatic creation of the SQL queries of the Row Level Security mechanism, which is suitable for most DBMSs that use discretionary access control. The method uses the structural and job-position hierarchy of users, the database dictionaries, and program templates of access control operations for different DBMSs.

    Automated creation of data access control rules using DBMS facilities


    Intelligent Enforcement of Fine-Grained Access Control Policies for SQL Queries

    Inter-University Master's in Formal Methods in Computer Engineering. Recently, we proposed a model-driven methodology to support fine-grained access control (FGAC) at the database level. More specifically, we defined a model transformation function that inputs SQL queries and generates so-called security-aware SQL stored-procedures. As part of the proposal, we developed an application prototype, called SQL Security Injector (SQLSI). In a nutshell, given an FGAC policy S, a user u, with role r, and a query q, SQLSI automatically generates a stored-procedure sp, such that: if the user u is authorized, according to the FGAC policy S, to execute the query q, then calling the stored-procedure sp will return the same result as executing the query q; otherwise, calling the stored-procedure sp will signal an error. As expected, there is a performance overhead when executing an (unsecured) SQL query via the corresponding (secured) stored-procedure generated by SQLSI. The reason is clear: FGAC policies require performing authorization checks on the current state of the system, which, in the case of executing SQL queries, will translate into performing authorization checks at execution-time on the database. SQLSI takes care of generating these checks and makes sure that they are called at execution-time when a protected resource is accessed. There are cases, however, where these authorization checks are unnecessary, and, therefore, the performance overhead can and should be avoided. For example: when the database integrity constraints guarantee that these checks will always be successful; or, when the current state of the database guarantees that these checks will be successful in this state. In this thesis, I propose to develop a formal, model-based methodology for enforcing FGAC policies when executing SQL queries in a smart, efficient way.
First of all, I identify situations in which performing authorization checks when executing SQL queries seems unnecessary, based on the invariants of the underlying data model, or based on the known properties of the given scenario, or based on the known properties of the arguments of the given query. Secondly, I formally prove that performing authorization checks when executing SQL queries in these situations is indeed unnecessary. Thirdly, I develop a tool for detecting unnecessary authorization checks when executing SQL queries.

    Extending SQL properties to NoSQL DBMS through call level interfaces

    Master's in Computer and Telematics Engineering. To store, update and retrieve data from database management systems (DBMS), software architects use tools, like call level interfaces (CLI), which provide standard functionality to interact with DBMS. These tools are designed to bring together the relational database and object-oriented programming paradigms, but the emergence of the NoSQL paradigm, and particularly new NoSQL DBMS providers, leads to situations where some of the standard functionality provided by CLI is not supported, very often due to its distance from the relational model or due to design constraints. As such, when a system architect needs to evolve, namely from a relational DBMS to a NoSQL DBMS, he must overcome the difficulties conveyed by the features not provided by the NoSQL DBMS. Not only that, but CLI usually forsake applied access control policies. As such, application developers must master the established policies as a means to develop software that is conformant with them. Choosing the wrong NoSQL DBMS risks major issues with applications requesting non-supported features and with unauthorized accesses.
This thesis focuses on deploying features that are not so commonly supported by NoSQL DBMS, such as Stored Procedures, Transactions, Save Points and interactions with local memory structures, through a framework based on a standard CLI. The feature implementation model is defined by modules of our framework, and allows for distributed and fault-tolerant systems to be deployed, which simulate the previously mentioned features and abstract the underlying database features from clients. It is also our goal to integrate our framework with previous work, S-DRACA, a dynamic secure access control architecture for relational applications, where permissions are defined as a sequence of create, read, update and delete expressions. With the integration, we can provide dynamic Role-Based Access Control and other security features to any kind of DBMS. We developed several ways of using each component (locally or distributed) and the framework is built in a modular fashion, which allows several components to be used individually or together, as well as extra features or DBMS to be added by system administrators who wish to adapt the framework to their particular needs.

    DACA: architecture for implementing dynamic access control mechanisms in business tiers

    Doctorate in Computer Science. Access control is a software engineering challenge in database applications. Currently, there is no satisfactory solution to dynamically implement evolving fine-grained access control mechanisms (FGACM) on business tiers of relational database applications. To tackle this access control gap, we propose an architecture, herein referred to as Dynamic Access Control Architecture (DACA). DACA allows FGACM to be dynamically built and updated at runtime in accordance with the established fine-grained access control policies (FGACP). DACA explores and makes use of Call Level Interfaces (CLI) features to implement FGACM on business tiers. Among the features, we emphasize their performance and their multiple access modes to data residing on relational databases. The different access modes of CLI are wrapped by typed objects driven by FGACM, which are built and updated at runtime. Programmers prescind from the traditional access modes of CLI and start using the ones dynamically implemented and updated. DACA comprises three main components: Policy Server (repository of metadata for FGACM), Dynamic Access Control Component (DACC) (business tier component responsible for implementing FGACM) and Policy Manager (broker between DACC and Policy Server). Unlike current approaches, DACA is not dependent on any particular access control model or on any access control policy, this way promoting its applicability to a wide range of different situations. In order to validate DACA, a solution based on Java, Java Database Connectivity (JDBC) and SQL Server was devised and implemented. Two evaluations were carried out. The first one evaluates DACA's capability to implement and update FGACM dynamically, at runtime, and the second one assesses DACA's performance against a standard use of JDBC without any FGACM.
The collected results show that DACA is an effective approach for implementing evolving FGACM on business tiers based on Call Level Interfaces, in this case JDBC.

    Dynamic Meta-level Access Control in SQL
