Authorization Views and Conditional Query Containment

A recent proposal for database access control consists of defining “authorization views” that specify the accessible data, and declaring a query valid if it can be completely rewritten using the views. Unlike traditional work in query rewriting using views, the rewritten query needs to be equivalent to the original query only over the set of database states that agree with a given set of materializations for the authorization views. With this motivation, we study conditional query containment, i.e. , containment over states that agree on a set of materialized views. We give an algorithm to test conditional containment of conjunctive queries with respect to a set of materialized conjunctive views. We show the problem is ${\it \Pi}^{p}_{2}$-complete. Based on the algorithm, we give a test for a query to be conditionally authorized given a set of materialized authorization views.

[1]  Alfred V. Aho,et al.  Equivalences Among Relational Expressions , 1979, SIAM J. Comput..

[2]  Maurizio Lenzerini,et al.  Data integration: a theoretical perspective , 2002, PODS.

[3]  Divesh Srivastava,et al.  Answering Queries Using Views. , 1999, PODS 1995.

[4]  Z. Meral Özsoyoglu,et al.  On Efficient Reasoning with Implication Constraints , 1993, DOOD.

[5]  Alberto O. Mendelzon,et al.  Tableau Techniques for Querying Information Sources through Global Schemas , 1999, ICDT.

[6]  Mihalis Yannakakis,et al.  Equivalence among Relational Expressions with the Union and Difference Operation , 1978, VLDB.

[7]  Surajit Chaudhuri,et al.  Optimization of real conjunctive queries , 1993, PODS '93.

[8]  Fang Wei-Kleiner,et al.  Containment of Conjunctive Queries with Safe Negation , 2003, ICDT.

[9]  Kyuseok Shim,et al.  Optimizing queries with materialized views , 1995, Proceedings of the Eleventh International Conference on Data Engineering.

[10]  Phokion G. Kolaitis,et al.  On the complexity of the containment problem for conjunctive queries with built-in predicates , 1998, PODS '98.

[11]  Alon Y. Halevy,et al.  Queries Independent of Updates , 1993, VLDB.

[12]  Divesh Srivastava,et al.  Answering Queries with Aggregation Using Views , 1996, VLDB.

[13]  Divesh Srivastava,et al.  Answering Queries Using Views. , 1999, PODS 1995.

[14]  Mihalis Yannakakis,et al.  Equivalences Among Relational Expressions with the Union and Difference Operators , 1980, J. ACM.

[15]  Amihai Motro,et al.  An access authorization model for relational databases based on algebraic manipulation of view definitions , 1989, [1989] Proceedings. Fifth International Conference on Data Engineering.

[16]  Anand Rajaraman,et al.  Conjunctive query containment revisited , 2000, Theor. Comput. Sci..

[17]  Todd D. Millstein,et al.  Query containment for data integration systems , 2003, J. Comput. Syst. Sci..

[18]  Diego Calvanese,et al.  Lossless regular views , 2002, PODS.

[19]  S. Sudarshan,et al.  Extending query rewriting techniques for fine-grained access control , 2004, SIGMOD '04.

[20]  Arnon Rosenthal,et al.  Security Administration for Federations, Warehouses, and other Derived Data , 1999, DBSec.

[21]  Alon Y. Halevy,et al.  MiniCon: A scalable algorithm for answering queries using views , 2000, The VLDB Journal.

[22]  Xiaolei Qian,et al.  Query folding , 1996, Proceedings of the Twelfth International Conference on Data Engineering.

[23]  Jeffrey D. Ullman,et al.  Principles Of Database And Knowledge-Base Systems , 1979 .

[24]  Alin Deutsch,et al.  Reformulation of XML Queries and Constraints , 2003, ICDT.

[25]  Jeffrey D. Ullman,et al.  Information integration using logical views , 1997, Theor. Comput. Sci..

[26]  Ron van der Meyden The Complexity of Querying Indefinite Data about Linearly Ordered Domains , 1997, J. Comput. Syst. Sci..

[27]  Alon Y. Halevy,et al.  Answering queries using views: A survey , 2001, The VLDB Journal.

[28]  Arnon Rosenthal,et al.  View security as the basis for data warehouse security , 2000, DMDW.

[29]  Michael R. Genesereth,et al.  Answering recursive queries using views , 1997, PODS '97.

[30]  M. F.,et al.  Bibliography , 1985, Experimental Gerontology.

[31]  Ashok K. Chandra,et al.  Optimal implementation of conjunctive queries in relational data bases , 1977, STOC '77.

[32]  Serge Abiteboul,et al.  Complexity of answering queries using materialized views , 1998, PODS.

[33]  Yatin P. Saraiya Subtree-elimination algorithms in deductive databases , 1991 .

[34]  Prasenjit Mitra An algorithm for answering queries efficiently using views , 2001, ADC.

[35]  Chen Li,et al.  On Containment of Conjunctive Queries with Arithmetic Comparisons , 2004, EDBT.

[36]  Anthony C. Klug On conjunctive queries containing inequalities , 1988, JACM.

[37]  Joann J. Ordille,et al.  Querying Heterogeneous Information Sources Using Source Descriptions , 1996, VLDB.