Effectively and efficiently selecting access control rules on materialized views over relational databases

This paper presents and experimentally assesses a novel framework for effectively and efficiently selecting fine-grained access control rules from a target relational database to the set of materialized views defined on such a database, along with the main algorithm implementing the focal selection task, called VSP-Bucket. The proposed security framework introduces a number of research innovations, ranging from a novel Datalog-based syntax, and related semantics, aimed at modeling and expressing access control rules over relational databases, to algorithm VSP-Bucket itself, which is a meaningful adaptation of a well-known view-based query re-writing algorithm for query optimization purposes. Our framework exposes high flexibility, because it allows several classes of access control rules to be expressed and handled on top of large relational databases, and, at the same time, it introduces high effectiveness and efficiency, as demonstrated by our comprehensive experimental evaluation and analysis of the performance and scalability of algorithm VSP-Bucket.
