Fine-Grained Access Control with Object-Sensitive Roles
European Conference on Object-Oriented Programming (ECOOP 2009), Genova, Italy, July 6-10, 2009.
Jeffrey Fischer, Daniel Marino, Rupak Majumdar, Todd Millstein
Role-based access control (RBAC) is a common paradigm to ensure that
users have sufficient rights to perform various system operations.
In many cases though, traditional RBAC does not easily express
application-level security requirements. For instance, in a
medical records system it is difficult to express that doctors
should only update the records of their own patients.
Further, traditional RBAC frameworks such as Java Enterprise Edition
rely solely on dynamic checks, which makes application code fragile
and hard to verify as correct.
We introduce Object-sensitive
RBAC (ORBAC), a generalized RBAC model for object-oriented
languages. ORBAC resolves the expressiveness limitations of RBAC by
allowing roles to be parameterized by properties of the
business objects being manipulated. We formalize and prove sound a
dependent type system that statically validates a program's
conformance to an ORBAC policy. We have implemented our type
system for Java and have used it to validate fine-grained access
control in the OpenMRS medical records system.
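As an added illustration (not code from the paper or from OpenMRS), the Java sketch below contrasts a flat RBAC check with an object-sensitive role check for the doctor/patient example in the abstract. The class names, the attendingDoctorId field and the runtime guard are assumptions made for the illustration; the paper's contribution is a static type system that validates conformance to such a policy, which this dynamic sketch does not model.

```java
import java.util.Set;

// Added illustration, not the paper's ORBAC type system or OpenMRS code.
// It contrasts a flat RBAC check with an object-sensitive one on a
// constructed in-memory model; all checks here happen at runtime.
public final class ObjectSensitiveRoles {

    /** Business object: a patient record that knows its attending doctor. */
    static final class Patient {
        final String id;
        final String attendingDoctorId;   // assumed property used to parameterize the role
        final StringBuilder notes = new StringBuilder();

        Patient(String id, String attendingDoctorId) {
            this.id = id;
            this.attendingDoctorId = attendingDoctorId;
        }
    }

    /** A principal holding coarse-grained RBAC roles such as "Doctor". */
    static final class User {
        final String id;
        final Set<String> roles;

        User(String id, Set<String> roles) {
            this.id = id;
            this.roles = roles;
        }
    }

    /**
     * Traditional RBAC: the only question is whether the caller holds the
     * Doctor role, so any doctor may update any patient. This is the
     * expressiveness gap the abstract describes.
     */
    static boolean canUpdateFlatRbac(User caller, Patient patient) {
        return caller.roles.contains("Doctor");
    }

    /**
     * Object-sensitive role Doctor(patient): holding the Doctor role is
     * necessary, but the role is parameterized by a property of the business
     * object (its attending doctor), so it is granted only for that object.
     */
    static boolean holdsDoctorRoleFor(User caller, Patient patient) {
        return caller.roles.contains("Doctor")
                && patient.attendingDoctorId.equals(caller.id);
    }

    /** Guarded operation: refuses the update unless Doctor(patient) holds. */
    static void updateRecord(User caller, Patient patient, String note) {
        if (!holdsDoctorRoleFor(caller, patient)) {
            throw new SecurityException(
                    caller.id + " lacks role Doctor(" + patient.id + ")");
        }
        patient.notes.append(note).append('\n');
    }

    public static void main(String[] args) {
        // Constructed sample data: two doctors, one patient attended by alice.
        User drAlice = new User("alice", Set.of("Doctor"));
        User drBob = new User("bob", Set.of("Doctor"));
        Patient p1 = new Patient("p1", "alice");

        // Flat RBAC cannot tell the two doctors apart for this record.
        System.out.println("flat RBAC, bob on p1: " + canUpdateFlatRbac(drBob, p1));

        // Object-sensitive roles admit only the attending doctor.
        updateRecord(drAlice, p1, "BP normal");
        try {
            updateRecord(drBob, p1, "not my patient");
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
        System.out.print("p1 notes:\n" + p1.notes);
    }
}
```

The point of the contrast is that the object-sensitive check depends on the business object passed to the operation, not only on the caller's role set; a framework that can only ask "is the caller a Doctor?" has no place to express that dependency, which is why the abstract calls for roles parameterized by object properties.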