XTOLS: Cross-tier Oracle Label Security
نویسنده
چکیده
SELINKS allows cross-tier security enforcement between the application tier and the database tier by compiling policy functions and database queries into user-defined functions (UDFs) and SQL queries. Unfortunately, this kind of enforcement is restricted to the policies written within SELINKS framework; and therefore, it does not take into account the existing policies in the database. Furthermore, the data in the database may be vulnerable to unauthorized access because the database does not necessarily enforce the security policies intended by the application. To support fine-grained access control over sensitive data, Oracle introduced Oracle Label Security (OLS) technology, starting from Oracle 8i. However, there has been no previous work to incorporate this technology into the application framework. In this paper, we discuss how OLS security policies can be encoded in SELINKS and enforced between the application and the database. We have implemented an extension of current SELINKS, called Cross-tier Oracle Label Security (XTOLS), that provides a secure and extensible programming environment to programmers.
منابع مشابه
Two-Tier Signatures, Strongly Unforgeable Signatures, and Fiat-Shamir Without Random Oracles
We show how the Fiat-Shamir transform can be used to convert three-move identification protocols into two-tier signature schemes (a primitive we define) with a proof of security that makes a standard assumption on the hash function rather than modeling it as a random oracle. The result requires security of the starting protocol against concurrent attacks. We can show that numerous protocols hav...
متن کاملProof of Knowledge on Monotone Predicates and its Application to Attribute-Based Identifications and Signatures
We propose a concrete procedure of a Σ-protocol proving knowledge that a set of witnesses satisfies a monotone predicate in witness-indistinguishable manner. Inspired by the high-level proposal by Cramer, Damg̊ard and Schoenmakers at CRYPTO ’94, we construct the concrete procedure by extending the so-called OR-proof. Next, using as a witness a signature-bundle of the Fiat-Shamir signatures, we p...
متن کاملProofs of Knowledge on Monotone Predicates and its Application to Attribute-Based Identifications and Signatures
We propose a concrete procedure of a Σ-protocol proving knowledge that a set of witnesses satisfies a monotone predicate in witness-indistinguishable manner. Inspired by the high-level proposal by Cramer, Damg̊ard and Schoenmakers at CRYPTO ’94, we construct the concrete procedure by extending the so-called OR-proof. Next, using as a witness a credential-bundle of the Fiat-Shamir signatures, we ...
متن کاملProvably secure and efficient identity-based key agreement protocol for independent PKGs using ECC
Key agreement protocols are essential for secure communications in open and distributed environments. Recently, identity-based key agreement protocols have been increasingly researched because of the simplicity of public key management. The basic idea behind an identity-based cryptosystem is that a public key is the identity (an arbitrary string) of a user, and the corresponding private key is ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009