Explainable Security for Relational Databases (Extended Experimental Evaluation)

The goal of our experimental evaluation was three-fold. First, we wanted to verify that SQL queries containing a wide range of commonly used features could be correctly handled by the compiler discussed in Section 4. Second, we wanted to determine whether the language of filter-project queries described in Section 4.2 was powerful enough to represent a variety of practical security constraints. And third, we wanted to determine whether policy formulas could be generated quickly enough to be used in practical systems.

We implemented a prototype system in Java. The prototype’s architecture is depicted in Figure 1. Our system consisted of three main components: (i) a compiler for translating SQL queries into filter-project queries, (ii) a module for representing and reasoning about filter-project queries, and (iii) a module for representing and evaluating policy formulas and generating why-so and why-not explanations. The implementation of our compiler consisted of just over 5,500 lines of Java code, while filter-project queries were implemented in about 1,000 lines, and policy formulas were implemented in 250.