Consistent Query Plan Generation in Secure Cooperative Data Access

In this paper, we consider restricted data sharing between a set of parties that wish to provide some set of online services requiring such data sharing. We assume that each party stores its data in private relational databases, and is given a set of mutually agreed set of authorization rules that may involve joins over relations owned by one or more parties. Although the query planning problem in such an environment is similar to the one for distributed databases, the access restrictions introduce significant additional complexity that we address in this paper. We examine the problem of efficiently enforcing rules and generating query execution plans in this environment. Because of the exponential complexity of optimal query planning, our query planning algorithm is heuristics based but produces excellent, if not optimal, results in most of the practical cases.

[1]  Rajeev Motwani,et al.  Two Can Keep A Secret: A Distributed Architecture for Secure Database Services , 2005, CIDR.

[2]  Surajit Chaudhuri,et al.  An overview of query optimization in relational systems , 1998, PODS.

[3]  Kyuseok Shim,et al.  Optimizing queries with materialized views , 1995, Proceedings of the Eleventh International Conference on Data Engineering.

[4]  Alon Y. Halevy,et al.  Answering queries using views: A survey , 2001, The VLDB Journal.

[5]  Sushil Jajodia,et al.  Consistency and enforcement of access rules in cooperative data sharing environment , 2014, Comput. Secur..

[6]  Chen Li,et al.  Computing complete answers to queries in the presence of limited access patterns , 2003, The VLDB Journal.

[7]  Sushil Jajodia,et al.  Access rule consistency in cooperative data access environment , 2012, 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom).

[8]  Jonathan Goldstein,et al.  Optimizing queries using materialized views: a practical, scalable solution , 2001, SIGMOD '01.

[9]  Ioana Manolescu,et al.  Query optimization in the presence of limited access patterns , 1999, SIGMOD '99.

[10]  Shirley Dex,et al.  JR 旅客販売総合システム(マルス)における運用及び管理について , 1991 .

[11]  Murat Kantarcioglu,et al.  Sovereign Joins , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[12]  Basit Shafiq,et al.  Data and Applications Security and Privacy XXVII , 2013, Lecture Notes in Computer Science.

[13]  Alberto O. Mendelzon,et al.  Authorization Views and Conditional Query Containment , 2005, ICDT.

[14]  Sushil Jajodia,et al.  Rule Enforcement with Third Parties in Secure Cooperative Data Access , 2013, DBSec.

[15]  Eugene Wong,et al.  Query processing in a system for distributed databases (SDD-1) , 1981, TODS.

[16]  Donald Kossmann,et al.  The state of the art in distributed query processing , 2000, CSUR.

[17]  Marvin H. Solomon,et al.  The GMAP: a versatile tool for physical data independence , 1996, The VLDB Journal.

[18]  Andrea Calì,et al.  Querying Data under Access Limitations , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[19]  Radu Sion,et al.  Query Execution Assurance for Outsourced Databases , 2005, VLDB.

[20]  Peng Ning,et al.  Computer Security - ESORICS 2009, 14th European Symposium on Research in Computer Security, Saint-Malo, France, September 21-23, 2009. Proceedings , 2009, ESORICS.

[22]  Per-Åke Larson,et al.  Query Transformation for PSJ-Queries , 1987, VLDB.

[23]  Sushil Jajodia,et al.  Controlled Information Sharing in Collaborative Distributed Query Processing , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[24]  Sushil Jajodia,et al.  Authorization enforcement in distributed query evaluation , 2011, J. Comput. Secur..

[25]  S. Sudarshan,et al.  Extending query rewriting techniques for fine-grained access control , 2004, SIGMOD '04.

[26]  Thomas Eiter,et al.  Database Theory - Icdt 2005 , 2008 .

[27]  Sushil Jajodia,et al.  Assessing query privileges via safe and efficient permission composition , 2008, CCS.

[28]  Alon Y. Halevy,et al.  MiniCon: A scalable algorithm for answering queries using views , 2000, The VLDB Journal.

[29]  Sushil Jajodia,et al.  Keep a Few: Outsourcing Data While Maintaining Confidentiality , 2009, ESORICS.