Type-Based Access Control in Data-Centric Systems

  • Luís Caires
  • Jorge A. Pérez
  • João Costa Seco
  • Hugo Torres Vieira
  • Lúcio Ferrão
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6602)


Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error-prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, which guarantee that well-typed programs never break the declared data access control policies.





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Luís Caires (1)
  • Jorge A. Pérez (1)
  • João Costa Seco (1)
  • Hugo Torres Vieira (1)
  • Lúcio Ferrão (2)
  1. CITI and Departamento de Informática, Faculdade de Ciências e Tecnologia, Universidade Nova de Lisboa, Portugal
  2. OutSystems SA, USA
