Optimal Security-Aware Query Processing

Security-Aware Query Processing is the problem of computing answers to queries in the presence of access control policies. We present general impossibility results for the existence of optimal algorithms for Security-Aware Query Processing and classify query languages for which such algorithms exist. In particular, we show that for the relational calculus there are no optimal algorithms, whereas optimal algorithms exist for some of its fragments, such as the existential fragment. We also establish relationships between two different models of Fine-Grained Access Control, called Truman and Non-Truman models, which have been previously presented in the literature as distinct. For optimal Security-Aware Query Processing, we show that the Non-Truman model is a special case of the Truman model for boolean queries in the relational calculus, moreover the two models coincide for more powerful languages, such as the relational calculus with aggregation operators. In contrast, these two models are distinct for non-boolean queries.

[1]  Michael Stonebraker,et al.  Access control in a relational data base management system by query modification , 1974, ACM '74.

[2]  Tao Jiang,et al.  On the Soundness Property for SQL Queries of Fine-grained Access Control in DBMSs , 2009, 2009 Eighth IEEE/ACIS International Conference on Computer and Information Science.

[3]  Leonid Libkin Incomplete information and certain answers in general data models , 2011, PODS.

[4]  Nora Cuppens-Boulahia,et al.  fQuery: SPARQL Query Rewriting to Enforce Data Confidentiality , 2010, DBSec.

[5]  David J. DeWitt,et al.  Limiting Disclosure in Hippocratic Databases , 2004, VLDB.

[6]  Dan Suciu,et al.  Query-Based Data Pricing , 2015, J. ACM.

[7]  Serge Abiteboul,et al.  Complexity of answering queries using materialized views , 1998, PODS.

[8]  Rakesh Agrawal,et al.  Extending relational database systems to automatically enforce privacy policies , 2005, 21st International Conference on Data Engineering (ICDE'05).

[9]  Alberto O. Mendelzon,et al.  Authorization Views and Conditional Query Containment , 2005, ICDT.

[10]  Agostino Cortesi,et al.  Fine Grained Access Control for Relational Databases by Abstract Interpretation , 2010, ICSOFT.

[11]  Victor Vianu,et al.  Views and queries: Determinacy and rewriting , 2010, TODS.

[12]  Serge Abiteboul,et al.  Foundations of Databases , 1994 .

[13]  Yuri Gurevich,et al.  The Classical Decision Problem , 1997, Perspectives in Mathematical Logic.

[14]  Ernesto Damiani,et al.  A general approach to securely querying XML , 2008, Comput. Stand. Interfaces.

[15]  S. Sudarshan,et al.  Extending query rewriting techniques for fine-grained access control , 2004, SIGMOD '04.

[16]  Rada Chirkova,et al.  View selection for real conjunctive queries , 2007, Acta Informatica.

[17]  E. F. Codd,et al.  Relational Completeness of Data Base Sublanguages , 1972, Research Report / RJ / IBM / San Jose, California.

[18]  Jorge Lobo,et al.  On the Correctness Criteria of Fine-Grained Access Control in Relational Databases , 2007, VLDB.