Simultaneous optimization and evaluation of multiple dimensional queries
SIGMOD '98 Proceedings of the 1998 ACM SIGMOD international conference on Management of data
Efficient and extensible algorithms for multi query optimization
SIGMOD '00 Proceedings of the 2000 ACM SIGMOD international conference on Management of data
Rewriting Histories: Recovering from Malicious Transactions
Distributed and Parallel Databases - Security of data and transaction processing
Computers and Intractability: A Guide to the Theory of NP-Completeness
Computers and Intractability: A Guide to the Theory of NP-Completeness
Incremental Implementation Model for Relational Databases with Transaction Time
IEEE Transactions on Knowledge and Data Engineering
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Design, Implementation, and Evaluation of a Repairable Database Management System
ICDE '05 Proceedings of the 21st International Conference on Data Engineering
Recovery from "bad" user transactions
Proceedings of the 2006 ACM SIGMOD international conference on Management of data
Provenance management in curated databases
Proceedings of the 2006 ACM SIGMOD international conference on Management of data
Auditing disclosure by relevance ranking
Proceedings of the 2007 ACM SIGMOD international conference on Management of data
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Limiting disclosure in hippocratic databases
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Auditing compliance with a Hippocratic database
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
An annotation management system for relational databases
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Expandable grids for visualizing and authoring computer security policies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A data damage tracking quarantine and recovery (DTQR) scheme for mission-critical database systems
Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology
ICDE '08 Proceedings of the 2008 IEEE 24th International Conference on Data Engineering
Auditing a Database under Retention Restrictions
ICDE '09 Proceedings of the 2009 IEEE International Conference on Data Engineering
Efficient auditing for complex SQL queries
Proceedings of the 2011 ACM SIGMOD International Conference on Management of data
Explaining accesses to electronic health records
Proceedings of the 2011 workshop on Data mining for medicine and healthcare
Proceedings of the VLDB Endowment
Implementing a data lineage tracker
DaWaK'12 Proceedings of the 14th international conference on Data Warehousing and Knowledge Discovery
Auditing a database under retention policies
The VLDB Journal — The International Journal on Very Large Data Bases
Hi-index | 0.00 |
Recent legislation has increased the requirements of organizations to report data breaches, or unauthorized access to data. While access control policies are used to restrict access to a database, these policies are complex and difficult to configure. As a result, misconfigurations sometimes allow users access to unauthorized data. In this paper, we consider the problem of reporting data breaches after such a misconfiguration is detected. To locate past SQL queries that may have revealed unauthorized information, we introduce the novel idea of a misconfiguration response (MR) query. The MR-query cleanly addresses the challenges of information propagation within the database by replaying the log of operations and returning all logged queries for which the result has changed due to the misconfiguration. A strawman implementation of the MR-query would go back in time and replay all the operations that occurred in the interim, with the correct policy. However, re-executing all operations is inefficient. Instead, we develop techniques to improve reporting efficiency by reducing the number of operations that must be re-executed and reducing the cost of replaying the operations. An extensive evaluation shows that our method can reduce the total runtime by up to an order of magnitude.