Optimal security-aware query processing

Published: 01 August 2014

Abstract

Security-Aware Query Processing is the problem of computing answers to queries in the presence of access control policies. We present general impossibility results for the existence of optimal algorithms for Security-Aware Query Processing and classify query languages for which such algorithms exist. In particular, we show that for the relational calculus there are no optimal algorithms, whereas optimal algorithms exist for some of its fragments, such as the existential fragment.
We also establish relationships between two different models of Fine-Grained Access Control, called Truman and Non-Truman models, which have been previously presented in the literature as distinct. For optimal Security-Aware Query Processing, we show that the Non-Truman model is a special case of the Truman model for boolean queries in the relational calculus; moreover, the two models coincide for more powerful languages, such as the relational calculus with aggregation operators. In contrast, these two models are distinct for non-boolean queries.

Published In

Proceedings of the VLDB Endowment, Volume 7, Issue 12
August 2014
296 pages
ISSN: 2150-8097

Publisher

VLDB Endowment

Cited By

  • (2023) Protecting Data and Queries in Cloud-Based Scenarios. SN Computer Science 4:5. DOI: 10.1007/s42979-023-01862-6. Online publication date: 10-Jun-2023
  • (2021) Inference from Visible Information and Background Knowledge. ACM Transactions on Computational Logic 22:2 (1-69). DOI: 10.1145/3452919. Online publication date: 21-Jun-2021
  • (2018) Can One Escape Red Chains? Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science (492-501). DOI: 10.1145/3209108.3209120. Online publication date: 9-Jul-2018
  • (2017) Source information disclosure in ontology-based data integration. Proceedings of the Thirty-First AAAI Conference on Artificial Intelligence (1056-1062). DOI: 10.5555/3298239.3298395. Online publication date: 4-Feb-2017
  • (2017) An authorization model for multi provider queries. Proceedings of the VLDB Endowment 11:3 (256-268). DOI: 10.14778/3157794.3157796. Online publication date: 1-Nov-2017
  • (2016) Earp. Proceedings of the 13th Usenix Conference on Networked Systems Design and Implementation (627-642). DOI: 10.5555/2930611.2930652. Online publication date: 16-Mar-2016