In this paper, we propose an integrated framework to control information flows in order to prevent security attacks, namely SQL injections threatening data confidentiality. This framework is based on the Prerequisite TBAC model, a new Tuple-Based Access Control model that is designed to control data dissemination in databases and that guarantees controlled declassification. To track information flow in the application part, we propose to dynamically propagate security labels through the system using Paragon, a security-typed language that extends Java with information flow policy specification.
CITATION STYLE
Ben-Ghorbel-Talbi, M., Lesueur, F., & Perrin, G. (2016). Information flow control on a multi-paradigm web application for SQL injection prevention. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9482, pp. 277–285). Springer Verlag. https://doi.org/10.1007/978-3-319-30303-1_18