Diogo Domingues Regateiro

Secure, Dynamic and Distributed Access Control Stack for Database Applications

In database applications, access control security layers are mostly developed from tools provided by vendors of database management systems and deployed in the same servers containing the data to be protected. This solution conveys several drawbacks. Among them we emphasize: (1) if policies are complex, their enforcement can lead to performance decay of database servers; (2) when modifications in the established policies implies modifications in the business logic (usually deployed at the client-side), there is no other possibility than modify the business logic in advance and, finally, 3) malicious users can issue CRUD expressions systematically against the DBMS expecting to identify any security gap. In order to overcome these drawbacks, in this paper we propose an access control stack characterized by: most of the mechanisms are deployed at the client-side; whenever security policies evolve, the security mechanisms are automatically updated at runtime and, finally, client-side applications do not handle CRUD expressions directly. We also present an implementation of the proposed stack to prove its feasibility. This paper presents a new approach to enforce access control in database applications, this way expecting to contribute positively to the state of the art in the field.

Role-Based Access control mechanisms

Most of the security threats in relational database applications have their source in client-side systems when they issue requests formalized by Create, Read, Update and Delete (CRUD) expressions. If tools such as ODBC and JDBC are used to develop business logics, then there is another source of threats. In some situations the content of data sets retrieved by Select expressions can be modified and then committed into the host databases. These tools are agnostic regarding not only database schemas but also regarding the established access control policies. This situation can hardly be mastered by programmers of business logics in database applications with many and complex access control policies. To overcome this gap, we extend the basic Role-Based Access policy to support and supervise the two sources of security threats. This extension is then used to design the correspondent RBAC model. Finally, we present a software architectural model from which static RBAC mechanisms are automatically built, this way relieving programmers from mastering any schema. We demonstrate empirical evidence of the effectiveness of our proposal from a use case based on Java and JDBC.

The XACML Standard - Addressing Architectural and Security Aspects.

The OASIS XACML (eXtensible Access Control Markup Language) standard defines a language for the definition of access control requests and policies. It is intended to be used with ABAC (Attribute Based Access Control). Along with the language, the standard defines an architecture, workflow and evaluation mechanism. When implementing real scenarios, developers can come across with the missing of several issues not addressed by the standard. For example, the architecture proposed defines the workflow but does not define the way components should be distributed over different machines. Additionally, the standard does not include any information about how securing communications between components. This paper proposes a solution to deal with the aforementioned gaps. A proof of concept is also presented in an IoT use case in the context of the European project: SMARTIE – secure and smarter cities data management.

On the Prospect of using Cognitive Systems to Enforce Data Access Control.

Data access control is a field that has been a subject of a lot of research for many years, which has resulted in many models being designed. Many of these models are deterministic in nature, following set rules to allow or deny access to a given user. These are sufficient in fairly static environments, but they fall short in dynamic and collaborative settings where permission needs may change or user attributes may be missing. Risk-based and probabilistic models were designed to mitigate some of these issues. These take a user profile to determine the risk associated with a particular transaction or fill in any missing attributes. However, they need to be maintained as new security threats emerge. It is argued in this paper that cognitive systems, as part of a more general Cognitive Driven Access Control approach, can close this gap by learning security threats on their own and enhancing the security of data in these environments. The benefits and considerations to be made when deploying cognitive systems are also discussed.

On the Application of Fuzzy Set Theory for Access Control Enforcement

Access control is a vital part of any computer system. When it comes to access to data, deterministic access control models such as RBAC are still widely used today, but they lack the flexibility needed to support some recent scenarios. These include scenarios where users and data can be dynamically added to a system, which emerged from IoT and big data contexts. Such scenarios include data from network operators, smart cities, etc. Thus, models that are able to adapt to these dynamic environments are necessary. Non-deterministic access control models fall into this approach, as they introduce new ways of mapping users to permissions and resources, but lack the auditing capabilities of deterministic models. In this paper, the usage of these models will be defended and argued for. In particular, a solution based on fuzzy set theory is proposed as it is thought to be able to provide some flexibility benefits of non-deterministic models, while giving some assurance to security experts that the resources are not accessed by unexpected users.

Server-Side Database Credentials: A Security Enhancing Approach for Database Access

Database applications are a very pervasive tool that enable businesses to make the most out of the data they collect and generate. Furthermore, they can also be used to provide services on top of such data that can access, process, modify and explore it. It was argued in the work this paper extends that when client applications that access a database directly run on public or semi-public locations that are not highly secured (such as a reception desk), the database credentials used could be stolen by a malicious user. To prevent such an occurrence, solutions such as virtual private networks (VPNs) can be used to secure access to the database. However, VPNs can be bypassed by accessing the database from within the business network in an internal attack, among other problems. A methodology called Secure Proxied Database Connectivity (SPDC) is presented which aims to push the database credentials out of the client applications and divides the information required to access them between a proxy and an authentication server, while supporting existing tools and protocols that provide access to databases, such as JDBC. This approach will be shown and further detailed in this paper in terms of attack scenarios, implementation and discussion.

SPDC: Secure Proxied Database Connectivity.

In the business world, database applications are a predominant tool where data is generally the most important asset of a company. Companies use database applications to access, explore and modify their data in order to provide a wide variety of services. When these applications run in semi-public locations and connect directly to the database, such as a reception area of a company or are connected to the internet, they can become the target of attacks by malicious users and have the hard-coded database credentials stolen. To prevent unauthorized access to a database, solutions such as virtual private networks (VPNs) are used. However, VPNs can be bypassed using internal attacks, and the stolen credentials used to gain access to the database. In this paper the Secure Proxied Database Connectivity (SPDC) is proposed, which is a new methodology to enhance the protection of the database access. It pushes the credentials to a proxy server and separates the information required to access the database between a proxy server and an authentication server. This solution is compared to a VPN using various attack scenarios and we show, with a proof-ofconcept, that this proposal can also be completely transparent to the user.

Supporting pre-shared keys in closed implementations of TLS

In the business world, data is generally the most important asset of a company that must be protected. However, it must be made available to provide a wide variety of services, and so it can become the target of attacks by malicious users. Such attacks can involve eavesdropping the network or gaining unauthorized access, allowing such an attacker to access sensitive information. Secure protocols, such as Transport Layer Security (TLS), are usually used to mitigate these attacks. Unfortunately, most implementations force applications to use digital certificates, which may not always be desirable due to trust or monetary issues. Furthermore, implementations are usually closed and cannot be extended to support other authentication methods. In this article a methodology is proposed to slightly modify closed implementations of the TLS protocol that only support digital certificates, so pre-shared keys are used to protect the communication between two entities instead. A performance assessment is carried out on a proof-of-concept to demonstrate its feasibility and performance.

Mediator framework for inserting xDRs into Hadoop

During the last decades, we assisted to what is called “information explosion”. With the advent of the new technologies and new contexts, the volume, velocity and variety of data has increased exponentially, becoming what is known today as big data. Among them, we emphasize telecommunications operators, which gather, using network monitoring equipment, millions of network event records, the Call Detail Records (CDRs) and the Event Detail Records (EDRs), commonly known as xDRs. These records are stored and later processed to compute network performance and quality of service metrics. With the ever increasing number of collected xDRs, its generated volume needing to be stored has increased exponentially, making the current solutions based on relational databases not suited anymore. To tackle this problem, the relational data store can be replaced by Hadoop File System (HDFS). However, HDFS is simply a distributed file system, this way not supporting any aspect of the relational paradigm. To overcome this difficulty, this paper presents a framework that enables the current systems inserting data into relational databases, to keep doing it transparently when migrating to Hadoop. As proof of concept, the developed platform was integrated with the Altaia - a performance and QoS management of telecommunications networks and services.

Protecting Databases from Schema Disclosure

Database schemas, in many organizations, are considered one of the critical assets to be protected. From database schemas, it is not only possible to infer the information being collected but also the way organizations manage their businesses and/or activities. One of the ways to disclose database schemas is through the Create, Read, Update and Delete (CRUD) expressions. In fact, their use can follow strict security rules or be unregulated by malicious users. In the first case, users are required to master database schemas. This can be critical when applications that access the database directly, which we call database interface applications (DIA), are developed by third party organizations via outsourcing. In the second case, users can disclose partially or totally database schemas following malicious algorithms based on CRUD expressions. To overcome this vulnerability, we propose a new technique where CRUD expressions cannot be directly manipulated by DIAs any more. Whenever a DIA starts-up, the associated database server generates a random codified token for each CRUD expression and sends it to the DIA that the database servers can use to execute the correspondent CRUD expression. In order to validate our proposal, we present a conceptual architectural model and a proof of concept.