Assessing query privileges via safe and efficient permission composition

Authors:
Sabrina De Capitani di Vimercati;Sara Foresti;Sushil Jajodia;Stefano Paraboschi;Pierangela Samarati
Affiliations:
Universita' di Milano, Crema (CR), Italy;Universita' di Milano, Crema (CR), Italy;George Mason University, Fairfax, VA, USA;Universita' di Bergamo, Dalmine (BG), Italy;Universita' di Milano, Crema (CR), Italy
Venue:
Proceedings of the 15th ACM conference on Computer and communications security
Year:
2008

Citing 15
Cited 1

A Proof Procedure for Data Dependencies

Journal of the ACM (JACM)
Query optimization in the presence of limited access patterns

SIGMOD '99 Proceedings of the 1999 ACM SIGMOD international conference on Management of data
The theory of joins in relational databases

ACM Transactions on Database Systems (TODS)
Foundations of Databases: The Logical Level

Foundations of Databases: The Logical Level
Testing implications of data dependencies

SIGMOD '79 Proceedings of the 1979 ACM SIGMOD international conference on Management of data
An Access Authorization Model for Relational Databases Based on Algebraic Manipulation of View Definitions

Proceedings of the Fifth International Conference on Data Engineering
Administering permissions for distributed data: factoring and automated inference

Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Computing complete answers to queries in the presence of limited access patterns

The VLDB Journal — The International Journal on Very Large Data Bases
Extending query rewriting techniques for fine-grained access control

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Computing cores for data exchange: new algorithms and practical solutions

Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Data exchange: computing cores in polynomial time

Proceedings of the twenty-fifth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Controlled Information Sharing in Collaborative Distributed Query Processing

ICDCS '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems
Querying Data under Access Limitations

ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering
Privacy in GLAV information integration

ICDT'07 Proceedings of the 11th international conference on Database Theory
Rewriting queries using views with access patterns under integrity constraints

ICDT'05 Proceedings of the 10th international conference on Database Theory

Cooperative data access in multi-cloud environments

DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose an approach for the selective enforcement of access control restrictions in, possibly distributed, large data collections based on two basic concepts: i) flexible authorizations identify, in a declarative way, the data that can be released, and ii) queries are checked for execution not with respect to individual authorizations but rather evaluating whether the information release they (directly or indirectly) entail is allowed by the authorizations. Our solution is based on the definition of query profiles capturing the information content of a query and builds on a graph-based modeling of database schema, authorizations, and queries. Access control is then effectively modeled and efficiently executed in terms of graph coloring and composition and on traversal of graph paths. We then provide a polynomial composition algorithm for determining if a query is authorized.