Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data

Journal impact factor 2.2, Q2, Computer Science, Software Engineering
Thierry Renaux, Sam Van den Vonder, Wolfgang De Meuter
Proceedings of the ACM on Programming Languages, published 2023-10-16. DOI: https://doi.org/10.1145/3622802
Citation count: 0

Abstract

Replicated Data Types (RDTs) are a type of data structure that can be replicated over a network, where each replica can be kept (eventually) consistent with the other replicas. They are used in applications with intermittent network connectivity, since local (offline) edits can later be merged with the other replicas. Applications that want to use RDTs often have an inherent security component that restricts data access for certain clients. However, access control for RDTs is difficult to enforce for clients that are not running within a secure environment, e.g., web applications where the client-side software can be freely tampered with. In essence, an application cannot prevent a client from reading data which they are not supposed to read, and any malicious changes will also affect well-behaved clients. This paper proposes Secure RDTs (SRDTs), a data type that specifies role-based access control for offline-available JSON data. In brief, a trusted application server specifies a security policy based on roles with read and write privileges for certain fields of an SRDT. The server enforces read privileges by projecting the data and security policy to omit any non-readable fields for the user's given role, and it acts as an intermediary to enforce write privileges. The approach is presented as an operational semantics engineered in PLT Redex, which is validated by formal proofs and randomised testing in Redex to ensure that the formal specification is secure.
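As an added example (not the paper's code; the policy format, sample record and function names are this example's own assumptions), the two server-side checks the abstract describes: projecting the data and the policy down to what a role may read, and gating the writes a client sends back after editing offline.

```javascript
// Constructed sample: a patient record and a role-based field policy.
// Field names, roles and values are made up for this example.
const policy = {
  roles: {
    doctor:  { read: ["name", "diagnosis", "notes"], write: ["diagnosis", "notes"] },
    patient: { read: ["name", "diagnosis"],          write: [] },
    clerk:   { read: ["name"],                       write: ["name"] },
  },
};
const record = { name: "A. Example", diagnosis: "constructed", notes: "internal", billing: 42 };

// Read enforcement: the trusted server projects both the data and the policy,
// so a client of the given role never receives non-readable fields, nor the
// rules that would reveal which fields exist for other roles.
function projectForRole(data, policy, role) {
  const rules = policy.roles[role];
  if (!rules) throw new Error(`unknown role: ${role}`);
  const readable = new Set(rules.read);
  const projectedData = Object.fromEntries(
    Object.entries(data).filter(([field]) => readable.has(field)),
  );
  const projectedPolicy = {
    roles: { [role]: { read: [...readable], write: rules.write.filter((f) => readable.has(f)) } },
  };
  return { data: projectedData, policy: projectedPolicy };
}

// Write enforcement: the server sits between replicas. Offline edits arrive as a
// batch of field updates; only fields the role may write are merged, the rest
// are rejected, so a tampered client cannot push changes that well-behaved
// replicas would later merge.
function applyClientUpdates(data, policy, role, updates) {
  const rules = policy.roles[role];
  if (!rules) throw new Error(`unknown role: ${role}`);
  const writable = new Set(rules.write);
  const merged = { ...data };
  const rejected = [];
  for (const [field, value] of Object.entries(updates)) {
    if (writable.has(field)) merged[field] = value;
    else rejected.push(field);
  }
  return { data: merged, rejected };
}
```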