Enabling policy-based access control in BI applications

Protecting the sensitive information in a company's data warehouse from unauthorized access is an important component of regulatory compliance and privacy protection for Business Intelligence (BI) applications. The access control features in current database systems are not suitable to meet this requirement since they are limited to base table accesses whereas BI applications typically use materialized views for better performance. In this paper, we provide a middleware-enabled policy-based framework that allows access control to be uniformly applied to both base tables and materialized views to enable selective access to data warehouse. We also provide empirical evaluation of our approach.

[1]  Hongjun Lu,et al.  Dynamic Materialized View Management Based on Predicates , 2003, APWeb.

[2]  Jonathan Goldstein,et al.  MTCache: transparent mid-tier database caching in SQL server , 2004, Proceedings. 20th International Conference on Data Engineering.

[3]  Amihai Motro,et al.  An access authorization model for relational databases based on algebraic manipulation of view definitions , 1989, [1989] Proceedings. Fifth International Conference on Data Engineering.

[4]  Daniel C. Zilio,et al.  DB2 advisor: an optimizer smart enough to recommend its own indexes , 2000, Proceedings of 16th International Conference on Data Engineering (Cat. No.00CB37073).

[5]  Quanzhong Li,et al.  Indexing and Querying XML Data for Regular Path Expressions , 2001, VLDB.

[6]  Roberta Cochrane,et al.  How to roll a join: asynchronous incremental view maintenance , 2000, SIGMOD 2000.

[7]  Sushil Jajodia,et al.  Toward a multilevel secure relational data model , 1991, SIGMOD '91.

[8]  Luping Ding,et al.  Dynamic Materialized Views , 2007, 2007 IEEE 23rd International Conference on Data Engineering.

[9]  S. Sudarshan,et al.  Extending query rewriting techniques for fine-grained access control , 2004, SIGMOD '04.

[10]  Surajit Chaudhuri,et al.  Automated Selection of Materialized Views and Indexes in SQL Databases , 2000, VLDB.

[11]  Ramakrishnan Srikant,et al.  Hippocratic Databases , 2002, VLDB.

[12]  Bradford W. Wade,et al.  An authorization mechanism for a relational database system , 1976, TODS.

[13]  Michael Stonebraker,et al.  Access control in a relational data base management system by query modification , 1974, ACM '74.

[14]  Vivek R. Narasayya,et al.  Automatic physical design tuning: workload as a sequence , 2006, SIGMOD Conference.

[15]  Elke A. Rundensteiner,et al.  Maintaining data warehouses over changing information sources , 2000, CACM.

[16]  Benoît Dageville,et al.  Automatic SQL Tuning in Oracle 10g , 2004, VLDB.

[17]  Arnon Rosenthal,et al.  View security as the basis for data warehouse security , 2000, DMDW.

[18]  Jeffrey D. Ullman,et al.  Principles of Database Systems , 1980 .

[19]  Paul Bird,et al.  A Multi-Purpose Implementation of Mandatory Access Control in Relational Database Management Systems , 2004, VLDB.

[20]  Sam Lightstone,et al.  DB2 Design Advisor: Integrated Automatic Physical Database Design , 2004, VLDB.

[21]  Hamid Pirahesh,et al.  Cache Tables: Paving the Way for an Adaptive Database Cache , 2003, VLDB.

[22]  Ambuj K. Singh,et al.  Efficient view maintenance at data warehouses , 1997, SIGMOD '97.