XTOLS: Cross-tier Oracle Label Security

dc.contributor.authorAn, Jong-hoon (David)
dc.date.accessioned2009-04-10T16:25:50Z
dc.date.available2009-04-10T16:25:50Z
dc.date.issued2009-04-08
dc.description.abstractSELinks allows cross-tier security enforcement between the application tier and the database tier by compiling policy functions and database queries into user-defined functions (UDFs) and SQL queries. Unfortunately, this kind of enforcement is restricted to the policies written within SELinks framework; and therefore, it does not take into account the existing policies in the database. Furthermore, the data in the database may be vulnerable to unauthorized access because the database does not necessarily enforce the security policies intended by the application. To support fine-grained access control over sensitive data, Oracle introduced Oracle Label Security (OLS) technology, starting from Oracle 8i. However, there has been no previous work to incorporate this technology into the application framework. In this paper, we discuss how OLS security policies can be encoded in SELinks and enforced between the application and the database. We have implemented an extension of current SELinks, called Cross-tier Oracle Label Security (XTOLS), that provides a secure and extensible programming environment to programmers.en
dc.format.extent301063 bytes
dc.format.mimetypeapplication/pdf
dc.identifier.urihttp://hdl.handle.net/1903/9029
dc.language.isoen_USen
dc.relation.ispartofseriesUM Computer Science Departmenten
dc.relation.ispartofseriesCS-TR-4934en
dc.titleXTOLS: Cross-tier Oracle Label Securityen
dc.typeTechnical Reporten

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
tr.pdf
Size:
294.01 KB
Format:
Adobe Portable Document Format