Abstract
Currently, business tiers for relational database applications are mostly built from software artifacts, among which Java Persistent API, Java Database Connectivity and LINQ are three representatives. Those software artifacts were mostly devised to address the impedance mismatch between the object-oriented and the relational paradigms. Key aspects as reusable business tier components and access control to data residing inside relational databases have not been addressed. To tackle the two aspects, this research proposes an architecture, referred to here as Business Tier Architecture (BTA), to develop reusable business tier components which enforce access control policies to data residing inside relational databases management systems. Besides BTA, this paper also presents a proof of concept based on Java and on Java Database Connectivity (JDBC).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
David, M.: Representing database programs as objects. In: Bancilhon, F., Buneman, P. (eds.) Advances in Database Programming Languages, pp. 377–386. ACM, N.Y (1990)
Cook, W., Ibrahim, A.: Integrating programming languages and databases: what is the problem? (May 2011), http://www.odbms.org/experts.aspx#article10
Heineman, G.T., Councill, W.T.: Component-Based Software Engineering: Putting the Pieces Together, 1st edn. Addison-Wesley (2001)
Parsian, M.: JDBC Recipes: A Problem-Solution Approach. Apress, NY (2005)
Erik, M., Brian, B., Gavin, B.: LINQ: Reconciling Object, Relations and XML in the.NET framework. In: ACM SIGMOD International Conference on Management of Data. ACM, Chicago (2006)
Yang, D.: Java Persistence with JPA2010. Outskirts Press
Oracle. Oracle9i Database Administrator’s Guide, Release 2 (9.2). (December 2011), http://docs.oracle.com/cd/B10501_01/server.920/a96521/toc.html
Sack, J.: SQL Server 2008 - Transact-SQL Recipes. In: Gennick, J. (ed.). Apress (2008)
Keller, W.: Mapping Objects to Tables - A Pattern Language. In: European Conference on Pattern Languages of Programming Conference (EuroPLoP), Irsse, Germany (1997)
Lammel, R., Meijer, E.: Mappings Make data Processing Go ’Round: An Inter-paradigmatic Mapping Tutorial. In: Generative and Transformation Techniques in Software Engineering. Springer, Braga (2006)
Christian, B., Gavin, K.: Hibernate in Action. Manning Publications Co. (2004)
Oracle. Oracle TopLink (October 2011), http://www.oracle.com/technetwork/middleware/toplink/overview/index.html
Microsoft. Microsoft Open Database Connectivity (October 2011), http://msdn.microsoft.com/en-us/library/ms710252VS.85.aspx
Mead, G., Boehm, A.: ADO.NET 4 Database Programming with C# 2010. Mike Murach & Associates, Inc., USA (2011)
Moore, J.W.: The ANSI binding of SQL to ADA. Ada Letters XI(5), 47–61 (1991)
Eisenberg, A., Melton, J.: Part 1: SQL Routines using the Java (TM) Programming Language. In: International Committee for Information Technolgy American National Standard for Information for Technology Database Languages, SQLJ 1999 (1999)
William, R.C., Siddhartha, R.: Safe query objects: statically typed objects as remotely executable queries. In: 27th International Conference on Software Engineering. ACM, St. Louis (2005)
Russell, A.M., Ingolf, H.K.: SQL DOM: compile time checking of dynamic SQL statements. In: 27th International Conference on Software Engineering. ACM, St. Louis (2005)
Corcoran, B.J., Swamy, N., Hicks, M.: Cross-tier, Label-based Security Enforcement for Web Applications. In: Proceedings of the 35th SIGMOD International Conference on Management of Data, pp. 269–282. ACM, Providence (2009)
Cooper, E., Lindley, S., Yallop, J.: Links: Web Programming Without Tiers. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2006. LNCS, vol. 4709, pp. 266–296. Springer, Heidelberg (2007)
Zhang, D., et al. Jif: Java + information flow (December 2011), http://www.cs.cornell.edu/jif/
Rizvi, S., et al.: Extending Query Rewriting Techniques for Fine-grained Access Control. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, pp. 551–562. ACM, Paris (2004)
Dwork, C.: Differential Privacy: A Survey of Results. In: Agrawal, M., Du, D.-Z., Duan, Z., Li, A. (eds.) TAMC 2008. LNCS, vol. 4978, pp. 1–19. Springer, Heidelberg (2008)
McSherry, F.: Privacy Integrated Queries: An Extensible Platform for Privacy-preserving Data Analysis. Commun. ACM 53(9), 89–97 (2010)
Gregor Kiczales, J.L., Mendhekar, A., Maeda, C., Videira, C.L., Loingtier, J.-M., Irwin, J.: Aspect-Oriented Programming. In: ECOOP, Jyvaskyla, Finland (1997)
Laddad, R.: AspectJ in Action: Practical Aspect-Oriented Programming. Manning Publications, Greenwich (2003)
Fabry, J., D’Hondt, T.: KALA: Kernel Aspect Language for Advanced Transactions. In: Proceedings of the 2006 ACM Symposium on Applied Computing, pp. 1615–1620. ACM, Dijon (2006)
Dinkelaker, T.: AO4SQL: Towards an Aspect-Oriented Extension for SQL. In: Proceedings of the 8th Workshop on Reflection, AOP and Meta-Data for Software Evolution (RAMSE 2011), Zurich, Switzerland (2011)
Oracle. Interface PreparedStatement (December 2011), http://download.oracle.com/javase/6/docs/api/java/sql/PreparedStatement.html
Sandhu, R.S., Samarati, P.: Access Control: Principle and Practice. IEEE Communications Magazine 32(9), 40–48 (1994)
Jajodia, S., Sandhu, R.: Toward a Multilevel Secure Relational Data Model. In: Proceedings of the 1991 ACM SIGMOD International Conference on Management of Data, pp. 50–59. ACM, Denver (1991)
Lunt, T.F., et al.: The SeaView Security Model. IEEE Transactions on Software Engineering 16(6), 593–607 (1990)
Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST Model for Role-based Access Control: Towards a Unified Standard. In: Proceedings of the fifth ACM Workshop on Role-based Access Control, pp. 47–63. ACM, Berlin (2000)
Barker, S., Stuckey, P.J.: Flexible Access Control Policy Specification with Constraint Logic Programming. ACM Transactions on Information and System Security 6(4), 501–546 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pereira, Ó.M., Aguiar, R.L., Santos, M.Y. (2012). BTA: Architecture for Reusable Business Tier Components with Access Control. In: Murgante, B., et al. Computational Science and Its Applications – ICCSA 2012. ICCSA 2012. Lecture Notes in Computer Science, vol 7335. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31137-6_52
Download citation
DOI: https://doi.org/10.1007/978-3-642-31137-6_52
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31136-9
Online ISBN: 978-3-642-31137-6
eBook Packages: Computer ScienceComputer Science (R0)