XTOLS: Cross-tier Oracle Label Security
An, Jong-hoon (David)
MetadataShow full item record
SELinks allows cross-tier security enforcement between the application tier and the database tier by compiling policy functions and database queries into user-deﬁned functions (UDFs) and SQL queries. Unfortunately, this kind of enforcement is restricted to the policies written within SELinks framework; and therefore, it does not take into account the existing policies in the database. Furthermore, the data in the database may be vulnerable to unauthorized access because the database does not necessarily enforce the security policies intended by the application. To support ﬁne-grained access control over sensitive data, Oracle introduced Oracle Label Security (OLS) technology, starting from Oracle 8i. However, there has been no previous work to incorporate this technology into the application framework. In this paper, we discuss how OLS security policies can be encoded in SELinks and enforced between the application and the database. We have implemented an extension of current SELinks, called Cross-tier Oracle Label Security (XTOLS), that provides a secure and extensible programming environment to programmers.