Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data

Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data

Replicated Data Types (RDTs) are a type of data structure that can be replicated over a network, where each replica can be kept (eventually) consistent with the other replicas. They are used in applications with intermittent network connectivity, since local (offline) edits can later be merged with...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Proceedings of ACM on programming languages 2023-10, Vol.7 (OOPSLA2), p.146-172, Article 227
Hauptverfasser: Renaux, Thierry, Van den Vonder, Sam, De Meuter, Wolfgang
Format: Artikel
Sprache:eng
Schlagworte:
Availability
Computer systems organization
Computing methodologies
Distributed programming languages
Distributed systems security
Security and privacy
Semantics
Software and its engineering
Web application security
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 172
container_issue OOPSLA2
container_start_page 146
container_title Proceedings of ACM on programming languages
container_volume 7
creator Renaux, Thierry
Van den Vonder, Sam
De Meuter, Wolfgang
description Replicated Data Types (RDTs) are a type of data structure that can be replicated over a network, where each replica can be kept (eventually) consistent with the other replicas. They are used in applications with intermittent network connectivity, since local (offline) edits can later be merged with the other replicas. Applications that want to use RDTs often have an inherent security component that restricts data access for certain clients. However, access control for RDTs is difficult to enforce for clients that are not running within a secure environment, e.g., web applications where the client-side software can be freely tampered with. In essence, an application cannot prevent a client from reading data which they are not supposed to read, and any malicious changes will also affect well-behaved clients. This paper proposes Secure RDTs (SRDTs), a data type that specifies role-based access control for offline-available JSON data. In brief, a trusted application server specifies a security policy based on roles with read and write privileges for certain fields of an SRDT. The server enforces read privileges by projecting the data and security policy to omit any non-readable fields for the user's given role, and it acts as an intermediary to enforce write privileges. The approach is presented as an operational semantics engineered in PLT Redex, which is validated by formal proofs and randomised testing in Redex to ensure that the formal specification is secure.
doi_str_mv 10.1145/3622802
format Article
fullrecord <record><control><sourceid>acm_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1145_3622802</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3622802</sourcerecordid><originalsourceid>FETCH-LOGICAL-a239t-53b407d8915eedc78a6756046d63eaf3350bacbc2e5d8dc8dfadefd73c563c023</originalsourceid><addsrcrecordid>eNpNkEtLw0AUhQdRsNTi3tXsXEXnkUkm7kJaX5RGbF2HyZ07EpkmMhMF_72VVnF1DpyPs_gIOefsivNUXctMCM3EEZmINFcJTwU__tdPySzGN8YYL2SqZTEhqzXCR0D6PN_EG7ro3RCg619pCYAx0mroxzB4-jT4DjqMdLfT2jnf9UjLT9N503qkj-t6RedmNGfkxBkfcXbIKXm5XWyq-2RZ3z1U5TIxQhZjomSbstzqgitEC7k2Wa4ylmY2k2iclIq1BloQqKy2oK0zFp3NJahMAhNySi73vxCGGAO65j10WxO-Gs6aHxPNwcSOvNiTBrZ_0O_4DROcV0s</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data</title><source>ACM Digital Library Complete</source><source>EZB-FREE-00999 freely available EZB journals</source><creator>Renaux, Thierry ; Van den Vonder, Sam ; De Meuter, Wolfgang</creator><creatorcontrib>Renaux, Thierry ; Van den Vonder, Sam ; De Meuter, Wolfgang</creatorcontrib><description>Replicated Data Types (RDTs) are a type of data structure that can be replicated over a network, where each replica can be kept (eventually) consistent with the other replicas. They are used in applications with intermittent network connectivity, since local (offline) edits can later be merged with the other replicas. Applications that want to use RDTs often have an inherent security component that restricts data access for certain clients. However, access control for RDTs is difficult to enforce for clients that are not running within a secure environment, e.g., web applications where the client-side software can be freely tampered with. In essence, an application cannot prevent a client from reading data which they are not supposed to read, and any malicious changes will also affect well-behaved clients. This paper proposes Secure RDTs (SRDTs), a data type that specifies role-based access control for offline-available JSON data. In brief, a trusted application server specifies a security policy based on roles with read and write privileges for certain fields of an SRDT. The server enforces read privileges by projecting the data and security policy to omit any non-readable fields for the user's given role, and it acts as an intermediary to enforce write privileges. The approach is presented as an operational semantics engineered in PLT Redex, which is validated by formal proofs and randomised testing in Redex to ensure that the formal specification is secure.</description><identifier>ISSN: 2475-1421</identifier><identifier>EISSN: 2475-1421</identifier><identifier>DOI: 10.1145/3622802</identifier><language>eng</language><publisher>New York, NY, USA: ACM</publisher><subject>Availability ; Computer systems organization ; Computing methodologies ; Distributed programming languages ; Distributed systems security ; Security and privacy ; Semantics ; Software and its engineering ; Web application security</subject><ispartof>Proceedings of ACM on programming languages, 2023-10, Vol.7 (OOPSLA2), p.146-172, Article 227</ispartof><rights>Owner/Author</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-a239t-53b407d8915eedc78a6756046d63eaf3350bacbc2e5d8dc8dfadefd73c563c023</cites><orcidid>0000-0002-9241-1098 ; 0000-0002-5229-5627 ; 0000-0002-9301-2187</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://dl.acm.org/doi/pdf/10.1145/3622802$$EPDF$$P50$$Gacm$$Hfree_for_read</linktopdf><link.rule.ids>314,780,784,2282,27924,27925,40196,76228</link.rule.ids></links><search><creatorcontrib>Renaux, Thierry</creatorcontrib><creatorcontrib>Van den Vonder, Sam</creatorcontrib><creatorcontrib>De Meuter, Wolfgang</creatorcontrib><title>Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data</title><title>Proceedings of ACM on programming languages</title><addtitle>ACM PACMPL</addtitle><description>Replicated Data Types (RDTs) are a type of data structure that can be replicated over a network, where each replica can be kept (eventually) consistent with the other replicas. They are used in applications with intermittent network connectivity, since local (offline) edits can later be merged with the other replicas. Applications that want to use RDTs often have an inherent security component that restricts data access for certain clients. However, access control for RDTs is difficult to enforce for clients that are not running within a secure environment, e.g., web applications where the client-side software can be freely tampered with. In essence, an application cannot prevent a client from reading data which they are not supposed to read, and any malicious changes will also affect well-behaved clients. This paper proposes Secure RDTs (SRDTs), a data type that specifies role-based access control for offline-available JSON data. In brief, a trusted application server specifies a security policy based on roles with read and write privileges for certain fields of an SRDT. The server enforces read privileges by projecting the data and security policy to omit any non-readable fields for the user's given role, and it acts as an intermediary to enforce write privileges. The approach is presented as an operational semantics engineered in PLT Redex, which is validated by formal proofs and randomised testing in Redex to ensure that the formal specification is secure.</description><subject>Availability</subject><subject>Computer systems organization</subject><subject>Computing methodologies</subject><subject>Distributed programming languages</subject><subject>Distributed systems security</subject><subject>Security and privacy</subject><subject>Semantics</subject><subject>Software and its engineering</subject><subject>Web application security</subject><issn>2475-1421</issn><issn>2475-1421</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><recordid>eNpNkEtLw0AUhQdRsNTi3tXsXEXnkUkm7kJaX5RGbF2HyZ07EpkmMhMF_72VVnF1DpyPs_gIOefsivNUXctMCM3EEZmINFcJTwU__tdPySzGN8YYL2SqZTEhqzXCR0D6PN_EG7ro3RCg619pCYAx0mroxzB4-jT4DjqMdLfT2jnf9UjLT9N503qkj-t6RedmNGfkxBkfcXbIKXm5XWyq-2RZ3z1U5TIxQhZjomSbstzqgitEC7k2Wa4ylmY2k2iclIq1BloQqKy2oK0zFp3NJahMAhNySi73vxCGGAO65j10WxO-Gs6aHxPNwcSOvNiTBrZ_0O_4DROcV0s</recordid><startdate>20231016</startdate><enddate>20231016</enddate><creator>Renaux, Thierry</creator><creator>Van den Vonder, Sam</creator><creator>De Meuter, Wolfgang</creator><general>ACM</general><scope>AAYXX</scope><scope>CITATION</scope><orcidid>https://orcid.org/0000-0002-9241-1098</orcidid><orcidid>https://orcid.org/0000-0002-5229-5627</orcidid><orcidid>https://orcid.org/0000-0002-9301-2187</orcidid></search><sort><creationdate>20231016</creationdate><title>Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data</title><author>Renaux, Thierry ; Van den Vonder, Sam ; De Meuter, Wolfgang</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a239t-53b407d8915eedc78a6756046d63eaf3350bacbc2e5d8dc8dfadefd73c563c023</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Availability</topic><topic>Computer systems organization</topic><topic>Computing methodologies</topic><topic>Distributed programming languages</topic><topic>Distributed systems security</topic><topic>Security and privacy</topic><topic>Semantics</topic><topic>Software and its engineering</topic><topic>Web application security</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Renaux, Thierry</creatorcontrib><creatorcontrib>Van den Vonder, Sam</creatorcontrib><creatorcontrib>De Meuter, Wolfgang</creatorcontrib><collection>CrossRef</collection><jtitle>Proceedings of ACM on programming languages</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Renaux, Thierry</au><au>Van den Vonder, Sam</au><au>De Meuter, Wolfgang</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data</atitle><jtitle>Proceedings of ACM on programming languages</jtitle><stitle>ACM PACMPL</stitle><date>2023-10-16</date><risdate>2023</risdate><volume>7</volume><issue>OOPSLA2</issue><spage>146</spage><epage>172</epage><pages>146-172</pages><artnum>227</artnum><issn>2475-1421</issn><eissn>2475-1421</eissn><abstract>Replicated Data Types (RDTs) are a type of data structure that can be replicated over a network, where each replica can be kept (eventually) consistent with the other replicas. They are used in applications with intermittent network connectivity, since local (offline) edits can later be merged with the other replicas. Applications that want to use RDTs often have an inherent security component that restricts data access for certain clients. However, access control for RDTs is difficult to enforce for clients that are not running within a secure environment, e.g., web applications where the client-side software can be freely tampered with. In essence, an application cannot prevent a client from reading data which they are not supposed to read, and any malicious changes will also affect well-behaved clients. This paper proposes Secure RDTs (SRDTs), a data type that specifies role-based access control for offline-available JSON data. In brief, a trusted application server specifies a security policy based on roles with read and write privileges for certain fields of an SRDT. The server enforces read privileges by projecting the data and security policy to omit any non-readable fields for the user's given role, and it acts as an intermediary to enforce write privileges. The approach is presented as an operational semantics engineered in PLT Redex, which is validated by formal proofs and randomised testing in Redex to ensure that the formal specification is secure.</abstract><cop>New York, NY, USA</cop><pub>ACM</pub><doi>10.1145/3622802</doi><tpages>27</tpages><orcidid>https://orcid.org/0000-0002-9241-1098</orcidid><orcidid>https://orcid.org/0000-0002-5229-5627</orcidid><orcidid>https://orcid.org/0000-0002-9301-2187</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 2475-1421
ispartof Proceedings of ACM on programming languages, 2023-10, Vol.7 (OOPSLA2), p.146-172, Article 227
issn 2475-1421
2475-1421
language eng
recordid cdi_crossref_primary_10_1145_3622802
source ACM Digital Library Complete; EZB-FREE-00999 freely available EZB journals
subjects Availability
Computer systems organization
Computing methodologies
Distributed programming languages
Distributed systems security
Security and privacy
Semantics
Software and its engineering
Web application security
title Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-26T09%3A12%3A03IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-acm_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Secure%20RDTs:%20Enforcing%20Access%20Control%20Policies%20for%20Offline%20Available%20JSON%20Data&rft.jtitle=Proceedings%20of%20ACM%20on%20programming%20languages&rft.au=Renaux,%20Thierry&rft.date=2023-10-16&rft.volume=7&rft.issue=OOPSLA2&rft.spage=146&rft.epage=172&rft.pages=146-172&rft.artnum=227&rft.issn=2475-1421&rft.eissn=2475-1421&rft_id=info:doi/10.1145/3622802&rft_dat=%3Cacm_cross%3E3622802%3C/acm_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true