Abstract
Role-based access control (RBAC) is a common paradigm to ensure that users have sufficient rights to perform various system operations. In many cases though, traditional RBAC does not easily express application-level security requirements. For instance, in a medical records system it is difficult to express that doctors should only update the records of their own patients. Further, traditional RBAC frameworks like Java’s Enterprise Edition rely solely on dynamic checks, which makes application code fragile and difficult to ensure correct.
We introduce Object-sensitive RBAC (ORBAC), a generalized RBAC model for object-oriented languages. ORBAC resolves the expressiveness limitations of RBAC by allowing roles to be parameterized by properties of the business objects being manipulated. We formalize and prove sound a dependent type system that statically validates a program’s conformance to an ORBAC policy. We have implemented our type system for Java and have used it to validate fine-grained access control in the OpenMRS medical records system.
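The expressiveness gap described above, as an added example that is not the paper's own code or its Java type system: a small dynamic policy model in which the role required for an operation is computed from the business object being manipulated, so "Doctor of patient p" is a distinct role from "Doctor". All names and the scenario are constructed for illustration.

```python
# Added example (constructed, not from the paper): flat RBAC vs. object-
# sensitive roles. The paper checks this statically; here the checks are
# dynamic so the difference in expressible policy can be observed at runtime.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Patient:
    pid: str

@dataclass(frozen=True)
class Role:
    name: str
    param: object = None   # None means a classic, unparameterized role

@dataclass
class Record:
    patient: Patient
    notes: list = field(default_factory=list)

@dataclass
class User:
    name: str
    roles: frozenset       # set of Role values granted to the user

def required_role(op: str, obj) -> Role:
    """The role an operation needs, derived from the object it touches."""
    if op == "updateRecord":
        return Role("Doctor", obj.patient)   # Doctor *of this patient*
    raise ValueError(f"unknown operation {op}")

def orbac_allowed(user: User, op: str, obj) -> bool:
    # Object-sensitive: the parameter (the patient) must match as well.
    return required_role(op, obj) in user.roles

def rbac_allowed(user: User, op: str, obj) -> bool:
    # Flat RBAC: only the role name is checked; the object is ignored.
    need = required_role(op, obj).name
    return any(r.name == need for r in user.roles)

def update_record(user: User, rec: Record, note: str, check) -> bool:
    if not check(user, "updateRecord", rec):
        return False
    rec.notes.append(note)
    return True

# Constructed scenario: Alice is the doctor of patient p1 only.
p1, p2 = Patient("p1"), Patient("p2")
alice = User("alice", frozenset({Role("Doctor", p1)}))

def demo() -> dict:
    return {
        "rbac_own":    update_record(alice, Record(p1), "ok", rbac_allowed),
        "rbac_other":  update_record(alice, Record(p2), "x", rbac_allowed),
        "orbac_own":   update_record(alice, Record(p1), "ok", orbac_allowed),
        "orbac_other": update_record(alice, Record(p2), "x", orbac_allowed),
    }
```

Under flat RBAC the cross-patient update succeeds because "Doctor" is all the policy can say; under the object-sensitive check it is refused.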
This material is based upon work supported in part by the National Science Foundation under grants CCF-0545850 and CCF-0546170.
© 2009 Springer-Verlag Berlin Heidelberg
Fischer, J., Marino, D., Majumdar, R., Millstein, T. (2009). Fine-Grained Access Control with Object-Sensitive Roles. In: Drossopoulou, S. (eds) ECOOP 2009 – Object-Oriented Programming. ECOOP 2009. Lecture Notes in Computer Science, vol 5653. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03013-0_9
DOI: https://doi.org/10.1007/978-3-642-03013-0_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03012-3
Online ISBN: 978-3-642-03013-0