Design of a Secure Python Web Application Implementing Chinese Wall Model of Access Control and CSRF Protection
The backend is built on Flask, a Python web framework, and implements user authentication, database management, and mediated file access. The login form is protected against cross-site request forgery with per-session CSRF tokens, and credentials and session state are handled so that their confidentiality and integrity are preserved. Access to documents is governed by the Chinese Wall model, a history-based (temporal) access-control policy: whether a user may read or write a file depends on which files that user has already read. The database tracks users, companies, and files, and enforces access restrictions based on user roles and conflict-of-interest classes.
- Sankalp Bhamare
- Rohan Rajesh Kalbag
- Jujhaar Singh
- Rishabh Ravi
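The CSRF protection named in the summary above is a synchronizer token bound to the user's session. The following is an added example, not code from the project described on this page: it is a Flask-free stand-in in which the token is an HMAC-SHA256 over an assumed session identifier and an issue timestamp, so a token is only valid for the session it was issued to and only for a limited time. The `handle_login_post` function, the `secret` parameter and the `max_age` default are hypothetical names chosen for the illustration.

```python
import hashlib
import hmac
import secrets
import time


def _sign(secret: bytes, session_id: str, issued: int) -> str:
    """HMAC-SHA256 over the session id and issue time, hex encoded.
    Binding the MAC to the session id means a token stolen from one
    session cannot be replayed in another."""
    msg = f"{session_id}|{issued}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_csrf_token(secret: bytes, session_id: str, now=None) -> str:
    """Issue a token of the form '<issued>.<hexmac>' to embed in the login form."""
    issued = int(time.time()) if now is None else int(now)
    return f"{issued}.{_sign(secret, session_id, issued)}"


def check_csrf_token(secret: bytes, session_id: str, token, now=None, max_age=3600) -> bool:
    """Accept only a well-formed, unexpired token whose MAC matches this session."""
    if not token or "." not in token:
        return False
    issued_s, sig = token.split(".", 1)
    if not issued_s.isdigit():
        return False
    issued = int(issued_s)
    current = int(time.time()) if now is None else int(now)
    if issued > current or current - issued > max_age:
        return False                      # clock skew backwards or token too old
    # Constant-time comparison: a plain == would leak how many leading
    # bytes of the MAC matched through response timing.
    return hmac.compare_digest(_sign(secret, session_id, issued), sig)


def handle_login_post(secret: bytes, session_id: str, form: dict):
    """Simulated POST /login handler (hypothetical): the CSRF check runs
    before the submitted credentials are looked at, so a forged cross-site
    POST never reaches the authentication logic."""
    if not check_csrf_token(secret, session_id, form.get("csrf_token")):
        return 403, "CSRF token missing, expired, or bound to another session"
    return 200, "credentials checked"


if __name__ == "__main__":
    # Constructed demo values: a fresh server secret and an assumed session id.
    server_secret = secrets.token_bytes(32)
    sid = "session-demo"
    token = make_csrf_token(server_secret, sid)
    print(handle_login_post(server_secret, sid, {"csrf_token": token}))   # (200, ...)
    print(handle_login_post(server_secret, "other-session", {"csrf_token": token}))  # (403, ...)
```

In a Flask deployment the `session_id` argument would come from the server-side session store and `secret` from the application's configured secret key; the token is rendered into the form as a hidden field and read back from the POST body, never from a cookie alone.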
User record:
- Employee ID, password, role, and the set of companies the user may access initially.
- Access history: the files the user has read so far, recorded as (CD, COI) pairs; the Chinese Wall rules are evaluated against this history.
File record:
- Sanitized flag: whether the file holds sanitized (public) data or unsanitized company data.
- Content of the file.
- Owner company, i.e. the company dataset (CD) the file belongs to.
Company record:
- Company name, which identifies its company dataset (CD).
- Conflict-of-interest (COI) class the company belongs to.
Backend state:
- A set of documents, each owned by a specific company.
- The list of users and the companies each user can access initially.
- The Chinese Wall model, which decides access to documents dynamically from each user's read history.
Chinese Wall model, as used here:
- Object: a file belonging to a company (a text document, .txt).
- CD (company dataset): all the files belonging to the same company.
- COI (conflict-of-interest class): a set of competing companies; information must not flow between two companies in the same class.
A user may read a file if any of the following holds:
- The user has already read a file of the same company (same CD).
- The user has not yet read any file from a company in the same COI class, so no wall has been raised against it.
- The file is sanitized, i.e. its contents are available for public access.
Reading an unsanitized file is recorded in the user's history and raises a wall against every other company in that COI class.
A user may write to a file only if both of the following hold:
- The user has read access to the file under the read rule above.
- Every unsanitized file the user can read belongs to the same company (CD) as the file being written; otherwise a write could carry information read from one company into another.
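The read and write rules above, carried through in code as an added example (this is not the project's own implementation). It uses the data model described on this page: a company with a CD name and a COI class, a file with an owner company and a sanitized flag, and a user with an initial set of accessible companies and a history of (CD, COI) pairs. Two choices are assumptions of this example rather than statements from the page: the user's set of accessible companies is applied as a static allowlist before the Chinese Wall rules, and reading a sanitized file does not add to the history. The company names, file names and users are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, Iterable, Set, Tuple


@dataclass(frozen=True)
class Company:
    name: str   # company dataset (CD): all files of this company
    coi: str    # conflict-of-interest class the company belongs to


@dataclass(frozen=True)
class File:
    file_id: str
    owner: Company
    sanitized: bool      # True: public data, never raises a wall
    content: str = ""


@dataclass
class User:
    employee_id: str
    role: str
    accessible: FrozenSet[str]                                    # company names the user may touch at all (assumed allowlist)
    history: Set[Tuple[str, str]] = field(default_factory=set)   # (CD, COI) of every unsanitized file read so far


def can_read(user: User, f: File) -> bool:
    """Read rule: sanitized, or same CD as something already read,
    or a COI class the user has never read from."""
    if f.owner.name not in user.accessible:   # assumed static pre-check from the user record
        return False
    if f.sanitized:
        return True
    cds_read = {cd for cd, _ in user.history}
    cois_read = {coi for _, coi in user.history}
    return f.owner.name in cds_read or f.owner.coi not in cois_read


def read_file(user: User, f: File) -> str:
    """Mediate a read: enforce the rule, then record it so the wall builds up."""
    if not can_read(user, f):
        raise PermissionError(f"{user.employee_id} may not read {f.file_id}")
    if not f.sanitized:                       # assumption: public reads leave no trace
        user.history.add((f.owner.name, f.owner.coi))
    return f.content


def can_write(user: User, f: File, corpus: Iterable[File]) -> bool:
    """Write rule: read access to f, and no unsanitized file the user can
    currently read lies in a different CD (that would be a channel for leaking
    one company's data into another's)."""
    if not can_read(user, f):
        return False
    leaky = {g.owner.name for g in corpus
             if not g.sanitized and g.owner.name != f.owner.name and can_read(user, g)}
    return not leaky


# Constructed sample data: two banks in one COI class, two oil companies in another.
BANK_A = Company("BankA", "Banks")
BANK_B = Company("BankB", "Banks")
OIL_X = Company("OilX", "Oil")
OIL_Y = Company("OilY", "Oil")

FILES = [
    File("a1.txt", BANK_A, False, "BankA loan book"),
    File("a2.txt", BANK_A, False, "BankA forecasts"),
    File("b1.txt", BANK_B, False, "BankB loan book"),
    File("x1.txt", OIL_X, False, "OilX drilling plan"),
    File("y1.txt", OIL_Y, True, "OilY press release"),
]
BY_ID = {f.file_id: f for f in FILES}


def new_user(employee_id: str, role: str, companies: Iterable[str]) -> User:
    return User(employee_id, role, frozenset(companies))


if __name__ == "__main__":
    alice = new_user("E001", "analyst", ["BankA", "BankB", "OilX", "OilY"])
    print(read_file(alice, BY_ID["a1.txt"]))          # allowed: no wall raised yet
    print(can_read(alice, BY_ID["b1.txt"]))           # False: BankB is walled off by the BankA read
    print(can_read(alice, BY_ID["x1.txt"]))           # True: the Oil class is untouched
    print(can_write(alice, BY_ID["a1.txt"], FILES))   # False: alice can still read OilX data
    bob = new_user("E002", "clerk", ["BankA"])
    print(can_write(bob, BY_ID["a1.txt"], FILES))     # True: everything bob can read is BankA's
```

The strictness of the write rule is the point worth noticing: a user who may read unsanitized data from more than one company dataset can write to none of them, which is why the per-user accessible-company set matters in practice.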