Application Security
Hardly a day goes by without media reports of new security weaknesses in systems software in general and Internet applications in particular. Whether these articles cover a new virus, newly discovered phishing attacks or security holes in operating systems, the growing publicity also raises our awareness of security issues.
Many sources of danger, however, still go unheeded in today's highly complex systems. One that is largely disregarded lies in the applications themselves. Every form of data access, even by authenticated users, is a challenge to a system's security. Existing technology standards such as J2EE or .NET offer insufficient mechanisms for truly secure applications.
Data protection always requires special attention when a computer system manages sensitive information and not all of its users are subject to the same requirements for handling that data. Take, for example, an airline reservation system. A travel agent uses it to make or cancel reservations for his customers. The same information is used by an airline's airport ground staff, who are authorized to prepare passenger boarding lists for the flights they are responsible for. Without the necessary measures built into the application, however, it would be a small step for a travel agent to access or even change customer data belonging to other travel agencies.
Data protection requirements such as those in this example are called access rules. Data processing systems consist of a large number of such rules, which take into account the various roles played by users and the different types of access possible. Such rules can be implemented either in program code or declaratively. The declarative approach has major advantages: the application developer is relieved of this complex task, changes and adjustments can be made very flexibly, management is centralized, and the rules can be inspected for control or auditing purposes at any time.
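The following added example (not Inventage's engine and not code from this page) shows the airline scenario above as a small declarative rule set evaluated by one central default-deny check; the role names, actions, condition names and sample records are assumptions constructed for illustration.

```python
# Added example, not Inventage's product: a minimal declarative access-rule
# evaluator for the airline-reservation scenario; all names and data are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    role: str
    agency: str = ""                  # travel agents belong to one agency
    flights: frozenset = frozenset()  # ground staff are assigned flights

@dataclass(frozen=True)
class Reservation:
    ref: str
    agency: str   # agency that made the booking
    flight: str

# Conditions a rule may reference; each relates the user to the record.
CONDITIONS = {
    "same_agency": lambda u, r: u.agency == r.agency,
    "assigned_flight": lambda u, r: r.flight in u.flights,
}

# The rule set is data, not code: (role, action, condition). Anything not
# listed is denied, so changes are made here and can be audited centrally.
ACCESS_RULES = [
    ("travel_agent", "read", "same_agency"),
    ("travel_agent", "cancel", "same_agency"),
    ("ground_staff", "read", "assigned_flight"),
]

def is_allowed(user, action, res, rules=ACCESS_RULES):
    """Default-deny: true only if a rule for this role and action has a
    condition that holds for this particular record."""
    return any(role == user.role and act == action and CONDITIONS[cond](user, res)
               for role, act, cond in rules)

def readable(user, reservations, rules=ACCESS_RULES):
    """Central filter for list views such as a boarding list."""
    return [r.ref for r in reservations if is_allowed(user, "read", r, rules)]

# Constructed sample data: two agencies, one ground-staff member on LX100.
AGENT_A = User("alice", "travel_agent", agency="AgencyA")
AGENT_B = User("bob", "travel_agent", agency="AgencyB")
STAFF = User("carol", "ground_staff", flights=frozenset({"LX100"}))
RESERVATIONS = [
    Reservation("R1", "AgencyA", "LX100"),
    Reservation("R2", "AgencyB", "LX100"),
    Reservation("R3", "AgencyA", "LX200"),
]
```

Because every read of a list goes through the same check, a travel agent never sees another agency's bookings, and ground staff see only the flights assigned to them.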
With our security engine, Inventage offers a flexible component for the realization of application security with the features mentioned above.