Language-Integrated Updatable Views

Relational lenses are a modern approach to the view update problem in relational databases. As introduced by Bohannon et al. [5], relational lenses allow the definition of updatable views by the composition of lenses performing individual transformations. Horn et al. [20] provided the first implementation of incremental relational lenses, which demonstrated that relational lenses can be implemented efficiently by propagating changes to the database rather than replacing the entire database state. However, neither approach proposes a concrete language design; consequently, it is unclear how to integrate lenses into a general-purpose programming language, or how to check that lenses satisfy the well-formedness conditions needed for predictable behaviour. In this paper, we propose the first full account of relational lenses in a functional programming language, by extending the Links web programming language. We provide support for higher-order predicates, and provide the first account of typechecking relational lenses which is amenable to implementation. We prove the soundness of our typing rules, and illustrate our approach by implementing a curation interface for a scientific database application

ACADA: Access Control-driven Architecture with Dynamic Adaptation

Programmers of relational database applications use software solutions (Hibernate, JDBC, LINQ, ADO.NET) to ease the development process of business tiers. These software solutions were not devised to address access control policies, much less for evolving access control policies, in spite of their unavoidable relevance. Currently, access control policies, whenever implemented, are enforced by independent components leading to a separation between policies and their enforcement. This paper proposes a new approach based on an architectural model referred to here as the Access Controldriven Architecture with Dynamic Adaptation (ACADA). Solutions based on ACADA are automatically built to statically enforce access control policies based on schemas of Create, Read, Update and Delete (CRUD) expressions. Then, CRUD expressions are dynamically deployed at runtime driven by established access control policies. Any update in the policies is followed by an adaptation process to keep access control mechanisms aligned with the policies to be enforced. A proof of concept based on Java and Java Database Connectivity (JDBC) is also presented

CRUD-DOM: a model for bridging the gap between the object-oriented and the relational paradigms : an enhanced performance assessment based on a case study

The development of database applications comprises three different tiers: application tier, database tier and finally the middle tier also known as the data access layer. The development of each tier per-se entails many challenges. Very often the most difficult challenges to be addressed derive from non-functional requirements, as productivity, usability, performance, reliability, high-availability and transparency. This paper is focused on defining and presenting a model for the data access layer aimed to integrate object-oriented application tiers and relational database tiers. The model addresses situations on which users need to explicitly write down complex static CRUD expressions and simultaneously get advantages regarding some non-functional requirements. The model, known as CRUD Data Object Model (CRUD-DOM), tackles the following non-functional requirements: performance, usability and productivity. The main contributions of this paper are threefold: 1) to present an extended model of CRUD-DOM; 2) to carry out an extended performance assessment based on a case study; 3) to present a tool, called CRUD Manager (CRUD-M), which provides automatic code generation with complementary support for software test and maintenance. The main outcome from this paper is the evidences that the pair CRUD-DOM and CRUD-M effectively addresses productivity, performance and usability requirements in the aforementioned context

DACA: arquitetura para implementação de mecanismos dinâmicos de controlo de acesso em camadas de negócio

Doutoramento em Ciências da ComputaçãoAccess control is a software engineering challenge in database applications. Currently, there is no satisfactory solution to dynamically implement evolving fine-grained access control mechanisms (FGACM) on business tiers of relational database applications. To tackle this access control gap, we propose an architecture, herein referred to as Dynamic Access Control Architecture (DACA). DACA allows FGACM to be dynamically built and updated at runtime in accordance with the established fine-grained access control policies (FGACP). DACA explores and makes use of Call Level Interfaces (CLI) features to implement FGACM on business tiers. Among the features, we emphasize their performance and their multiple access modes to data residing on relational databases. The different access modes of CLI are wrapped by typed objects driven by FGACM, which are built and updated at runtime. Programmers prescind of traditional access modes of CLI and start using the ones dynamically implemented and updated. DACA comprises three main components: Policy Server (repository of metadata for FGACM), Dynamic Access Control Component (DACC) (business tier component responsible for implementing FGACM) and Policy Manager (broker between DACC and Policy Server). Unlike current approaches, DACA is not dependent on any particular access control model or on any access control policy, this way promoting its applicability to a wide range of different situations. In order to validate DACA, a solution based on Java, Java Database Connectivity (JDBC) and SQL Server was devised and implemented. Two evaluations were carried out. The first one evaluates DACA capability to implement and update FGACM dynamically, at runtime, and, the second one assesses DACA performance against a standard use of JDBC without any FGACM. The collected results show that DACA is an effective approach for implementing evolving FGACM on business tiers based on Call Level Interfaces, in this case JDBC.Controlo de acesso é um desafio para a engenharia de software nas aplicações de bases de dados. Atualmente, não há uma solução satisfatória para a implementação dinâmica de mecanismos finos e evolutivos de controlo de acesso (FGACM) ao nível das camadas de negócio de aplicações de bases de dados relacionais. Para solucionar esta lacuna, propomos uma arquitetura, aqui referida como Arquitetura Dinâmica de Controlo de Acesso (DACA). DACA permite que FGACM sejam dinamicamente construídos e atualizados em tempo de execução de acordo com as políticas finas de controlo de acesso (FGACP) estabelecidas. DACA explora e utiliza as características das Call Level Interfaces (CLI) para implementar FGACM ao nível das camadas de negócio. De entre as características das CLI, destacamos o seu desempenho e os diversos modos para acesso a dados armazenados em bases de dados relacionais. Na DACA, os diversos modos de acesso das CLI são envolvidos por objetos tipados derivados de FGACM, que são construídos e atualizados em tempo de execução. Os programadores prescindem dos modos tradicionais de acesso das CLI e passam a utilizar os dinamicamente construídos e atualizados. DACA compreende três componentes principais: Policy Server (repositório de meta-data dos FGACM), Dynamic Access Control Component (componente da camada de negócio que é responsável pela implementação dos FGACM) e Policy Manager (broker entre DACC e Policy Server). Ao contrário das soluções atuais, DACA não é dependente de qualquer modelo de controlo de acesso ou de qualquer política de controlo de acesso, promovendo assim a sua aplicabilidade a muitas e diversificadas situações. Com o intuito de validar DACA, foi concebida e desenvolvida uma solução baseada em Java, Java Database Connectivity (JDBC) e SQL Server. Foram efetuadas duas avaliações. A primeira avalia DACA quanto à sua capacidade para dinamicamente, em tempo de execução, implementar e atualizar FGACM e, a segunda, avalia o desempenho de DACA contra uma solução sem FGACM que utiliza o JDBC normalizado. Os resultados recolhidos mostram que DACA é uma solução válida para implementar FGACM evolutivos em camadas de negócio baseadas em CLI

Distributed and typed role-based access control mechanisms driven by CRUD expressions

Business logics of relational databases applications are an important source of security violations, namely in respect to access control. The situation is particularly critical when access control policies are many and complex. In these cases, programmers of business logics can hardly master the established access control policies. Now we consider situations where business logics are built with tools such as JDBC and ODBC. These tools convey two sources of security threats: 1) the use of unauthorized Create, Read, Update and Delete (CRUD) expressions and also 2) the modification of data previously retrieved by Select statements. To overcome this security gap when Role-based access control policies are used, we propose an extension to the basic model in order to control the two sources of security threats. Finally, we present a software architectural model from which distributed and typed RBAC mechanisms are automatically built, this way relieving programmers from mastering any security schema. We demonstrate empirical evidence of the effectiveness of our proposal from a use case based on Java and JDBC

Runtime values driven by access control policies: statically enforced at the level of relational business tiers

Access control is a key challenge in software engineering, especially in relational database applications. Current access control techniques are based on additional security layers designed by security experts. These additional security layers do not take into account the necessary business logic leading to a separation between business tiers and access control mechanisms. Moreover, business tiers are built from commercial tools (ex: Hibernate, JDBC, ODBC, LINQ), which are not tailored to deal with security aspects. To overcome this situation several proposals have been presented. In spite of their relevance, they do not support the enforcement of access control policies at the level of the runtime values that are used to interact with protected data. Runtime values are critical entities because they play a key role in the process of defining which data is accessed. In this paper, we present a general technique for static checking, at the business tier level, the runtime values that are used to interact with databases and in accordance with the established access control policies. The technique is applicable to CRUD (create, read, update and delete) expressions and also to actions (update and insert) that are executed on data retrieved by Select expressions. A proof of concept is also presented. It uses an access control platform previously developed, which lacks the key issue of this paper. The collected results show that the presented approach is an effective solution to enforce access control policies at the level of runtime values that are used to interact with data residing in relational databases.(undefined

Slacker News

Modern web applications incorporate a vast number of technologies and programming paradigms, often presenting an overwhelming landscape of foreign concepts and design patterns. The primary goal of this project is to explore a suite of modern web technologies and concepts through the implementation of a minimalistic Hacker News clone, which is a popular link aggregation site focusing on computer science and entrepreneurship. The primary technologies used in this project are Java and the Spring Boot framework, which provides a simpler interface to the more cumbersome Spring framework, with the goal of allowing for more rapid development

Enabling Personalized Business Process Modeling: The Clavii BPM Platform

Increasing adoption of business process management systems has resulted in large business process models comprising hundreds of activities. Particularly, such process models are hard to understand and maintain. This issue requires innovative approaches to simplify and personalize process models. Therefore, this thesis introduces fundamentals for process views offering personalized perspectives for process participants by abstracting not necessary information. Furthermore, an approach for a domain-specific process modeling language, so-called Process Query Language, is presented. The latter offers process modeling notation independent abilities to define, search, and modify process models as well as process views. The proof-of-concept implementation, so-called Clavii BPM platform, shows up as integrated solution for simple, web-based business process modeling and execution. Thus, it implements basic concepts for process views and the PQL language