XTOLS: Cross-tier Oracle Label Security

Loading...
Thumbnail Image

Files

tr.pdf (294.01 KB)
No. of downloads: 1270

Publication or External Link

Date

2009-04-08

Advisor

Citation

DRUM DOI

Abstract

SELinks allows cross-tier security enforcement between the application tier and the database tier by compiling policy functions and database queries into user-defined functions (UDFs) and SQL queries. Unfortunately, this kind of enforcement is restricted to the policies written within SELinks framework; and therefore, it does not take into account the existing policies in the database. Furthermore, the data in the database may be vulnerable to unauthorized access because the database does not necessarily enforce the security policies intended by the application. To support fine-grained access control over sensitive data, Oracle introduced Oracle Label Security (OLS) technology, starting from Oracle 8i. However, there has been no previous work to incorporate this technology into the application framework. In this paper, we discuss how OLS security policies can be encoded in SELinks and enforced between the application and the database. We have implemented an extension of current SELinks, called Cross-tier Oracle Label Security (XTOLS), that provides a secure and extensible programming environment to programmers.

Notes

Rights