The University of Illinois OAI-PMH Data Provider Registry [Home]

Sample Record from "International Journal of Computer Science: Theory and Application"

For Set "Articles" and Metadata Prefix "nlm" View Raw XML

xmlns='http://www.openarchives.org/OAI/2.0/'
record:
header:
identifier: oai:ojs.localhost:article/35
datestamp: 2014-10-30T16:39:33Z
setSpec: journal-of-computer-science:ART
metadata:
xmlns='http://dtd.nlm.nih.gov/publishing/2.3'
article:
xmlns='http://www.w3.org/2001/XMLSchema-instance'
schemaLocation='http://dtd.nlm.nih.gov/publishing/2.3 http://dtd.nlm.nih.gov/publishing/2.3/xsd/journalpublishing.xsd'
xmlns='http://www.w3.org/XML/1998/namespace'
lang='EN'
front:
journal-meta:
journal-id:
journal-id-type='other'
journal-of-computer-science
journal-title: International Journal of Computer Science: Theory and Application
issn:
pub-type='epub'
2336-0984
article-meta:
article-id:
pub-id-type='other'
35
article-categories:
subj-group:
subj-group-type='heading'
subject: Articles
title-group:
article-title: Distributed and Typed Role-based Access Control Mechanisms Driven by CRUD Expressions
contrib-group:
contrib:
contrib-type='author'
name:
name-style='western'
surname: Regateiro
given-names: Diogo Domingues
aff: Instituto de Telecomunicações, University of Aveiro
contrib:
corresp='yes'
contrib-type='author'
name:
name-style='western'
surname: Aguiar
given-names: Rui Luís
aff: Instituto de Telecomunicações, DETI, University of Aveiro
contrib:
contrib-type='author'
name:
name-style='western'
surname: Pereira
given-names: Óscar Mortágua
email: omp@ua.pt
contrib:
contrib-type='editor'
name:
surname: vares
given-names: romain
contrib:
contrib-type='editor'
name:
surname: OUCHETTO
given-names: Ouail
contrib:
contrib-type='editor'
name:
surname: Orb Academic Publisher
given-names: Support
contrib:
contrib-type='editor'
name:
surname: OUCHETTO
given-names: OUAIL
contrib:
contrib-type='jmanager'
name:
surname: vares
given-names: romain
pub-date:
pub-type='epub'
day: 30
month: 10
year: 2014
pub-date:
pub-type='collection'
year: 2014
volume: 2
issue:
seq='1'
1
issue-id:
pub-id-type='other'
7
permissions:
copyright-year: 2014
self-uri:
self-uri:
content-type='application/pdf'
xmlns='http://www.w3.org/1999/xlink'
abstract:
xmlns='http://www.w3.org/XML/1998/namespace'
lang='EN'
p: Business logics of relational databases applications are an important source of security violations, namely in respect to access control. The situation is particularly critical when access control policies are many and complex. In these cases, programmers of business logics can hardly master the established access control policies. Now we consider situations where business logics are built with tools such as JDBC and ODBC. These tools convey two sources of security threats: 1) the use of unauthorized Create, Read, Update and Delete (CRUD) expressions and also 2) the modification of data previously retrieved by Select statements. To overcome this security gap when Role-based access control policies are used, we propose an extension to the basic model in order to control the two sources of security threats. Finally, we present a software architectural model from which distributed and typed RBAC mechanisms are automatically built, this way relieving programmers from mastering any security schema. We demonstrate empirical evidence of the effectiveness of our proposal from a use case based on Java and JDBC.
University of Illinois at Urbana-Champaign
University of Illinois at Urbana-Champaign
Grainger Engineering Library Information Center
Comments to: Tom Habing
University of Illinois at Urbana-Champaign Engineering Library
1301 West Springfield
Urbana, IL 61801
Phone: 217-244-4425
Updated on: 2018-10-12