Secure, dynamic and distributed access control stack for database applications

In database applications, access control security layers are mostly developed from tools provided by vendors of database management systems and deployed in the same servers containing the data to be protected. This solution conveys several drawbacks. Among them we emphasize: 1) if policies are complex, their enforcement can lead to performance decay of database servers; 2) when modifications in the established policies implies modifications in the business logic (usually deployed at the client-side), there is no other possibility than modify the business logic in advance and, finally, 3) malicious users can issue CRUD expressions systematically against the DBMS expecting to identify any security gap. In order to overcome these drawbacks, in this paper we propose an access control stack characterized by: most of the mechanisms are deployed at the client-side; whenever security policies evolve, the security mechanisms are automatically updated at runtime and, finally, client-side applications do not handle CRUD expressions directly. We also present an implementation of the proposed stack to prove its feasibility. This paper presents a new approach to enforce access control in database applications, this way expecting to contribute positively to the state of the art in the field.

Secure, dynamic and distributed access control stack for database applications

In database applications, access control security layers are mostly developed from tools provided by vendors of database management systems and deployed in the same servers containing the data to be protected. This solution conveys several drawbacks. Among them we emphasize: (1) if policies are complex, their enforcement can lead to performance decay of database servers; (2) when modifications in the established policies implies modifications in the business logic (usually deployed at the client-side), there is no other possibility than modify the business logic in advance and, finally, 3) malicious users can issue CRUD expressions systematically against the DBMS expecting to identify any security gap. In order to overcome these drawbacks, in this paper we propose an access control stack characterized by: most of the mechanisms are deployed at the client-side; whenever security policies evolve, the security mechanisms are automatically updated at runtime and, finally, client-side applications do not handle CRUD expressions directly. We also present an implementation of the proposed stack to prove its feasibility. This paper presents a new approach to enforce access control in database applications, this way expecting to contribute positively to the state of the art in the field.

Amplificador de RF Doherty assimétrico de 2-vias

Os atuais esquemas de modulação e acesso ao meio, tais como o Wide- Band Code-Division Multiple Access (WCDMA) ou Orthogonal Frequency- Division Multiple Access (OFDMA), que são otimizados para a gestão eficiente do espetro electromagnético e elevada taxa de transmissão, originam sinais de elevado Peak-to-Average Power Ratio (PAPR) e requisitos de linearidade rigorosos. As arquiteturas de amplificação tradicionais, i.e. baseadas no operação em modo de corrente do dispositivo ativo, são incapazes de satisfazer estes requisitos em simultâneo. Assim, o amplificador de potência (do inglês, Power Ampli_er (PA)) incorre numa degradação significativa de rendimento energético em favor de maior linearidade, aumentando simultaneamente os custos de operação das estacões base para os operadores de telecomunicações móveis e o impacte ambiental. Este trabalho foca-se no estudo da arquitetura Doherty, a principal solução encontrada para melhorar o compromisso linearidade/rendimento para aplicações em estações-base de comunicações móveis. Para tal, são expostos os princípios básicos de amplificadores de rádio frequência assim como a análise teórica do tradicional PA Doherty (do inglês, Doherty Power Amplifier (DhPA)) de duas vias e suas variantes. O estudo _e complementado com o projeto e implementação de um PA excitador, em classe-AB, e de um DhPA de elevada potência, colocando-se em prática a teoria e técnicas de projeto estudadas ao longo deste trabalho, aliadas aos desafios da implementação com dispositivos reais de elevada potência.

Protecting databases from schema disclosure: a CRUD-based protection model

Database schemas, in many organizations, are considered one of the critical assets to be protected. From database schemas, it is not only possible to infer the information being collected but also the way organizations manage their businesses and/or activities. One of the ways to disclose database schemas is through the Create, Read, Update and Delete (CRUD) expressions. In fact, their use can follow strict security rules or be unregulated by malicious users. In the first case, users are required to master database schemas. This can be critical when applications that access the database directly, which we call database interface applications (DIA), are developed by third party organizations via outsourcing. In the second case, users can disclose partially or totally database schemas following malicious algorithms based on CRUD expressions. To overcome this vulnerability, we propose a new technique where CRUD expressions cannot be directly manipulated by DIAs any more. Whenever a DIA starts-up, the associated database server generates a random codified token for each CRUD expression and sends it to the DIA that the database servers can use to execute the correspondent CRUD expression. In order to validate our proposal, we present a conceptual architectural model and a proof of concept.

ABTC: multi-purpose adaptable business tier components based on Call Level Interfaces

Call Level Interfaces (CLI) are low level API that play a key role in database applications whenever a fine tune control between application tiers and the host databases is a key requirement. Unfortunately, in spite of this significant advantage, CLI were not designed to address organizational requirements and contextual runtime requirements. Among the examples we emphasize the need to decouple or not to decouple the development process of business tiers from the development process of application tiers and also the need to automatically adapt to new business and/or security needs at runtime. To tackle these CLI drawbacks, and simultaneously keep their advantages, this paper proposes an architecture relying on CLI from which multi-purpose business tiers components are built, herein referred to as Adaptable Business Tier Components (ABTC). This paper presents the reference architecture for those components and a proof of concept based on Java and Java Database Connectivity (an example of CLI).