Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data

Explore a conference talk from OOPSLA2 2023 that introduces Secure Replicated Data Types (SRDTs), a novel approach to enforcing role-based access control for offline-available JSON data. Delve into the challenges of maintaining data security in applications with intermittent network connectivity and learn how SRDTs address these issues. Discover the operational semantics of SRDTs, engineered in PLT Redex and validated through formal proofs and randomized testing. Understand how a trusted application server specifies and enforces security policies based on roles with read and write privileges for specific fields of an SRDT. Gain insights into the projection of data and security policies to omit non-readable fields for users with different roles, and how the server acts as an intermediary to enforce write privileges. This 18-minute presentation by researchers from Vrije Universiteit Brussel offers valuable knowledge for developers and security specialists working with replicated data types and offline-capable applications.

[OOPSLA23] Secure RDTs: Enforcing Access Control Policies for Offline Available JSON Data