Rule Configuration Checking in Secure Cooperative Data Access

In this paper, we consider an environment where a group of parties each have their own relational databases and provide restricted access to other parties. To implement the desired business services, each party defines a set of authorization rules over the join of basic relations, and these rules can be viewed as the configurations of the accessible information in the cooperative data access environment. However, authorization rules are likely to be developed by each enterprise somewhat independently, based on its business needs, and may not be sufficiently well defined to be enforceable. That is, the rules may be missing some crucial access capabilities that are essential for implementing the desired restrictions. We propose a mechanism to check the enforceability of each given authorization rule.
