PHP Implementation of a reference monitor to provide record level access

If you refer to the classic design of a reference monitor

To add record level protection to certain tables we are going to use the "interface record segmentation" method, which places the authorisation database inside the protected subject itself – the subject becomes responsible for providing its own ownership, group and protection information. This works well for tables in a database when it is implemented at a low level within the active record implementation; however it does not protect the database or its entities against direct access via SQL. That is not what we are trying to achieve here, and doing so would require a traditional reference monitor wired in at the driver level.

With this approach, protected objects need no extra code to support:

  • prevention of unauthorised access when a record is requested by its ID
  • filtering of lists (via DbIterator) so that they only contain accessible objects
  • protection against modification of records
  • protection against deletion of records
  • granting of access to a record to a user, a group or everyone

Description of elements of the ZXAF reference monitor

Element       Description
Subjects      DbEntity-derived items (tables/records)
Objects       SystemUser-derived entity
Audit trail   Not yet implemented, but will eventually provide a record of all security-relevant events, such as access attempts, successful or not

Implementation overview

Two interfaces are added: IControlledObject for a DbEntity and ISubject for a User.

The data that has to be stored (on every record of each protected item, and on each subject) is:

  • IControlledObject.Protection INT
  • IControlledObject.Owner INT
  • IControlledObject.Group INT
  • ISubject.Group INT
  • ISubject.Privileges varchar(255) – comma-separated list of permission names
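
To make the use of those columns concrete, here is an added example of an access check written over them; it is not ZXAF's own code. The three-bit owner/group/everyone layout of Protection (read/write/delete per triplet) and the 'admin' privilege name are assumptions, as the page does not define them.

```php
<?php
// Added example, not ZXAF's own code. The bit layout of Protection
// (owner/group/everyone, 3 bits each, read/write/delete) and the
// 'admin' privilege name are assumptions; the page does not specify them.
const PERM_READ   = 0b100;
const PERM_WRITE  = 0b010;
const PERM_DELETE = 0b001;

interface ISubject {
    public function getId(): int;
    public function getGroup(): int;
    public function getPrivileges(): array; // names parsed from the Privileges column
}

interface IControlledObject {
    public function getOwner(): int;
    public function getGroup(): int;
    public function getProtection(): int;  // assumed: (owner<<6)|(group<<3)|everyone
}

final class ReferenceMonitor {
    /** Split the comma-separated Privileges varchar into clean permission names. */
    public static function parsePrivileges(string $column): array {
        return array_values(array_filter(array_map('trim', explode(',', $column)), 'strlen'));
    }
    /** True if $subject may perform $perm (a PERM_* constant) on $object. */
    public static function check(ISubject $subject, IControlledObject $object, int $perm): bool {
        if (in_array('admin', $subject->getPrivileges(), true)) {
            return true; // assumed bypass privilege
        }
        $prot = $object->getProtection();
        if ($subject->getId() === $object->getOwner()) {
            $bits = ($prot >> 6) & 0b111;        // owner triplet
        } elseif ($subject->getGroup() === $object->getGroup()) {
            $bits = ($prot >> 3) & 0b111;        // group triplet
        } else {
            $bits = $prot & 0b111;               // everyone triplet
        }
        return ($bits & $perm) === $perm;
    }
    /** The DbIterator case: keep only the entities the subject may read. */
    public static function filterReadable(ISubject $subject, iterable $objects): array {
        $out = [];
        foreach ($objects as $o) {
            if (self::check($subject, $o, PERM_READ)) { $out[] = $o; }
        }
        return $out;
    }
}
```

Load-by-ID, update and delete paths would call check() with PERM_READ, PERM_WRITE and PERM_DELETE respectively before touching the row, so a record whose Protection grants nothing to "everyone" is invisible to subjects outside its owner and group.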

Reference implementation