Strong and Provably Secure Database Access Control

Existing SQL access control mechanisms are extremely limited. Attackers can leak information and escalate their privileges using advanced database features such as views, triggers, and integrity constraints. This is not merely a problem of vendors lagging behind the state-of-the-art. The theoretical foundations for database security lack adequate security definitions and a realistic attacker model, both of which are needed to evaluate the security of modern databases. We address these issues and present a provably secure access control mechanism that prevents attacks that defeat popular SQL database systems.
