Stagebank HBO-ICT

TVE Logo Blue 400x400.png

Om te solliciteren op deze stage, moet je met je HvA-emailadres een account aanmaken.

account aanmaken

Bedrijfsinformatie

The Value Engineers
Van Burenlaan 7
3761 BZ
Soest
www.thevalueengineers.nl

Fine-grained data access control in relational databases

Stageopdracht SE, SNE/CS Onbekende locatie
#databases
Gepubliceerd op 10-11-2023 11:47

Software platforms store large amounts of data in a database management system. Obviously, access to data is restricted, based on some property such as the user’s role or id. In this project, we are interested in a fine-grained access control mechanism (e.g. at row or even cell level) that can completely delegated to the database management system.

Background

Software platforms store large amounts of data in a database management system. Obviously, access to data is restricted, based on some property such as the user’s role or id.

Problem

Many web-enabled backend software frameworks (e.g. Spring)  handle data security (e.g. access to stored data) at the backend application level. This is easy to implement but comes with security- and performance issues. Typically, the database is accessed by the same user each time. This implies that the backend application handles data access control. As a result, a programming mistake at the application level can easily lead to undesired exposure of data. Moreover, tasks like output pagination need to be done by the backend application too, which is considered inefficient.

It would be much better if access control of data is handled by the database management system itself. This would lead to a single point of control where access is checked for rights, which needs to be designed and implemented well only once. Moreover, access checking, also pagination of query results can utilize the query optimizer of the database management system.

Solution orientation

The solution should entail a number of elements:

-        - Access based on user id / group id, using Access Control Lists (ACLs)

-         - Restriction of access to rows, columns, and specific cells based on ACLs

Several parts of the solution do already exist, but need to be combined in a meaningful way:

-        - For Postgres, an elementary ACL API has been developed (see e.g. https://github.com/arkhipov/acl)

-        - Also, for Postgres, cell-based access control is already demonstrated (see e.g. https://www.youtube.com/watch?v=-9QqQ2jkG_4 for an explanation), although not with ACLs.

Organizational context

This project is offered by The Value Engineers B.V., who will offer an internship compensation.

Required

An independent student with good working knowledge of relational databases and C (to extend them), a sense for secure designs.

Supervision

-        Dr. J. Gordijn (VU Amsterdam , The Value Engineers)

-         Emer. Prof. Dr. R.J. Wieringa (The Value Engineers)

Geschikt voor studenten
  • Software Engineering
  • Cyber Security
Ook toegankelijk voor studenten Associate Degree