Controlled Information Sharing in Collaborative Distributed Query Processing

We present a simple, yet powerful, approach for the specification and enforcement of authorizations regulating data release among data holders collaborating in a distributed computation, to ensure that query processing discloses only data whose release has been explicitly authorized. Data disclosure is captured by means of profiles, associated with each data computation, that describe the information carried by the result. We also present an algorithm that, given a query plan, determines whether it can be safely executed and produces a safe execution strategy. The main advantage of our approach is its simplicity, which, without impacting expressiveness, makes it nicely interoperable with current solutions for collaborative computations in distributed database systems.
