Non-invasive method of mandatory access control implementaion on DBMS layer in web applications

D. N. Kolegov; N. O. Tkachenko

Geodesic

Parcourir par

Non-invasive method of mandatory access control implementaion on DBMS layer in web applications

D. N. Kolegov ; N. O. Tkachenko

Prikladnaya Diskretnaya Matematika. Supplement, no. 8 (2015), pp. 89-92

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

We propose non-invasive method of mandatory access control implementation on DBMS MySQL layer in web applications. This method is based on formal DP-models for DBMS MySQL and proxy-based reference monitor for SQL queries. The main idea of the method is identification of users in account-based web applications and SQL query rewriting. Users' identities are added by applicaion's module (Django middleware) and transmitted in comments of SQL queries to MySQL-proxy. After identification of users has been completed, we simulate DBMS's entities identification and row level security by SQL rewriting.

Keywords: access control, DBMS security.
Mots-clés : web applications

@article{PDMA_2015_8_a32,
     author = {D. N. Kolegov and N. O. Tkachenko},
     title = {Non-invasive method of mandatory access control implementaion on {DBMS} layer in web applications},
     journal = {Prikladnaya Diskretnaya Matematika. Supplement},
     pages = {89--92},
     publisher = {mathdoc},
     number = {8},
     year = {2015},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDMA_2015_8_a32/}
}

TY  - JOUR
AU  - D. N. Kolegov
AU  - N. O. Tkachenko
TI  - Non-invasive method of mandatory access control implementaion on DBMS layer in web applications
JO  - Prikladnaya Diskretnaya Matematika. Supplement
PY  - 2015
SP  - 89
EP  - 92
IS  - 8
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDMA_2015_8_a32/
LA  - ru
ID  - PDMA_2015_8_a32
ER  -

%0 Journal Article
%A D. N. Kolegov
%A N. O. Tkachenko
%T Non-invasive method of mandatory access control implementaion on DBMS layer in web applications
%J Prikladnaya Diskretnaya Matematika. Supplement
%D 2015
%P 89-92
%N 8
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDMA_2015_8_a32/
%G ru
%F PDMA_2015_8_a32

D. N. Kolegov; N. O. Tkachenko. Non-invasive method of mandatory access control implementaion on DBMS layer in web applications. Prikladnaya Diskretnaya Matematika. Supplement, no. 8 (2015), pp. 89-92. http://geodesic.mathdoc.fr/item/PDMA_2015_8_a32/