DOI: 10.1145/1866480.1866512
research-article

Effectively and efficiently selecting access control rules on materialized views over relational databases

Published: 16 August 2010

Abstract

This paper presents and experimentally assesses a novel framework for effectively and efficiently selecting fine-grained access control rules from a target relational database to the set of materialized views defined on that database, along with the main algorithm implementing the focal selection task, called VSP-Bucket. The proposed security framework introduces a number of research innovations, ranging from a novel Datalog-based syntax, and related semantics, for modeling and expressing access control rules over relational databases, to algorithm VSP-Bucket itself, which is a meaningful adaptation of a well-known view-based query rewriting algorithm for query optimization purposes. Our framework is highly flexible, since it allows several classes of access control rules to be expressed and handled on top of large relational databases, and, at the same time, it achieves high effectiveness and efficiency, as demonstrated by our comprehensive experimental evaluation and analysis of the performance and scalability of algorithm VSP-Bucket.

Published In

IDEAS '10: Proceedings of the Fourteenth International Database Engineering & Applications Symposium
August 2010
282 pages
ISBN: 9781605589008
DOI: 10.1145/1866480

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. access control rules over relational databases
  2. query rewriting techniques for relational database security
  3. security policies over relational databases

Qualifiers

  • Research-article

Conference

IDEAS '10
Sponsor:
  • ACM
  • Concordia University

Acceptance Rates

Overall Acceptance Rate 74 of 210 submissions, 35%

Article Metrics

  • Downloads (Last 12 months): 4
  • Downloads (Last 6 weeks): 0

Reflects downloads up to 13 Jan 2025

Cited By

  • (2020) Inference Control in Distributed Environment: A Comparison Study. Risks and Security of Internet and Systems, pp. 69-83. DOI: 10.1007/978-3-030-41568-6_5. Online publication date: 28-Feb-2020
  • (2018) A FCA framework for inference control in data integration systems. Distributed and Parallel Databases. DOI: 10.1007/s10619-018-7241-5. Online publication date: 1-Aug-2018
  • (2017) A Fine-Grained Access Control Model and Implementation. Proceedings of the 18th International Conference on Computer Systems and Technologies, pp. 187-194. DOI: 10.1145/3134302.3134310. Online publication date: 23-Jun-2017
  • (2017) An Incremental Approach to Data Integration in Presence of Access Control Policies. 2017 IEEE 2nd International Workshops on Foundations and Applications of Self* Systems (FAS*W), pp. 187-190. DOI: 10.1109/FAS-W.2017.146. Online publication date: Sep-2017
  • (2015) Inference Control in Data Integration Systems. Proceedings of the Confederated International Conferences on On the Move to Meaningful Internet Systems: OTM 2015 Conferences - Volume 9415, pp. 285-302. DOI: 10.1007/978-3-319-26148-5_17. Online publication date: 26-Oct-2015
  • (2012) Authorization Policies for Materialized Views. Information Security and Privacy Research, pp. 525-530. DOI: 10.1007/978-3-642-30436-1_43. Online publication date: 2012
  • (2011) Access control to materialized views. Proceedings of the 2011 Joint EDBT/ICDT Ph.D. Workshop, pp. 19-24. DOI: 10.1145/1966874.1966878. Online publication date: 25-Mar-2011
