Projects per year
Abstract
Replicated Data Types (RDTs) are a type of data structure that can be replicated over a network, where each replica can be kept (eventually) consistent with the other replicas. They are used in applications with intermittent network connectivity, since local (offline) edits can later be merged with the other replicas. Applications that want to use RDTs often have an inherent security component that restricts data access for certain clients. However, access control for RDTs is difficult to enforce for clients that are not running within a secure environment, e.g., web applications where the client-side software can be freely tampered with. In essence, an application cannot prevent a client from reading data which they are not supposed to read, and any malicious changes will also affect well-behaved clients. This paper proposes Secure RDTs (SRDTs), a data type that specifies role-based access control for offline-available JSON data. In brief, a trusted application server specifies a security policy based on roles with read and write privileges for certain fields of an SRDT. The server enforces read privileges by projecting the data and security policy to omit any non-readable fields for the user's given role, and it acts as an intermediary to enforce write privileges. The approach is presented as an operational semantics engineered in PLT Redex, which is validated by formal proofs and randomised testing in Redex to ensure that the formal specification is secure.
Original language | English |
---|---|
Article number | 227 |
Pages (from-to) | 1-27 |
Number of pages | 27 |
Journal | Proc. ACM Program. Lang. |
Volume | 7 |
Issue number | OOPSLA2 |
DOIs | |
Publication status | Published - 16 Oct 2023 |
Event | SPLASH 2023: ACM SIGPLAN conference on Systems, Programming, Languages, and Applications: Software for Humanity - Hotel Cascais Miragem, Cascais, Portugal Duration: 22 Oct 2023 → 27 Oct 2023 Conference number: 2023 https://2023.splashcon.org/ |
Bibliographical note
Funding Information:Sam Van den Vonder was funded by the Flanders Innovation & Entrepreneurship (VLAIO) "Cybersecurity Initiative Flanders" program. Thierry Renaux was partly funded by the Flanders Innovation & Entrepreneurship (VLAIO) "Cybersecurity Initiative Flanders" program, and the Innoviris "SWAMP" project.
Publisher Copyright:
© 2023 Owner/Author.
Keywords
- replicated data types
- role-based access control
- security
- conflict-free replicated data types
Fingerprint
Dive into the research topics of 'Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data'. Together they form a unique fingerprint.Projects
- 1 Active
-
VLAAI2: Cybersecurity Research Program Flanders – second cycle
De Meuter, W., Braeken, A., Devriese, D., Gonzalez Boix, E. & De Roover, C.
1/01/24 → 31/12/28
Project: Applied
Research output
- 1 Artefact
-
Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data (Artifact)
Renaux, T., Van den Vonder, S. & De Meuter, W., 4 Sep 2023, (Unpublished)Research output: Non-textual form › Artefact
Datasets
-
Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data (Artifact)
Renaux, T. (Creator), Van den Vonder, S. (Creator) & De Meuter, W. (Supervisor), Zenodo, 4 Sep 2023
Dataset
File
Activities
- 1 Talk or presentation at a conference
-
Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data
Sam Van den Vonder (Speaker)
27 Oct 2023Activity: Talk or presentation › Talk or presentation at a conference