Minimum cost rule enforcement for cooperative database access

In this paper, we consider restricted data sharing between a set of parties that wish to provide a set of online services requiring such data sharing. Each party is assumed to store its data in private relational databases, and is given a mutually agreed set of authorization rules that specify access to attributes over individual relations or over joins of relations owned by one or more parties. The access restrictions introduce significant additional complexity in rule enforcement and query planning compared with a traditional distributed database environment. We examine the problem of minimum cost rule enforcement, which simultaneously checks the enforceability of each rule and generates a minimum cost plan for its execution. The paper does not focus on specific cost functions, but instead on efficient methods for enforcing rules in the face of access restrictions and inter-party data transfer needs. We propose an efficient heuristic algorithm for this minimal enforcement, since the exact problem is NP-hard. In some cases, it is not possible to enforce the rules with the regular parties only. In such cases, we need the help of trusted third parties (TPs). If all parties trust a single TP, that party can enforce all unenforced rules, but it is desirable to use the TP minimally. We also consider the extended case where multiple TPs are required because not every regular party can trust a single TP.
