FGAC-QD: fine-grained access control model based on query decomposition strategy

Authors:
Guoqiang Zhan;Zude Li;Xiaojun Ye;Jianmin Wang
Affiliations:
School of Software, Tsinghua University, Beijing, China;School of Software, Tsinghua University, Beijing, China;School of Software, Tsinghua University, Beijing, China;School of Software, Tsinghua University, Beijing, China
Venue:
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Year:
2006

Citing 12
Cited 0

Secure Query-Processing Strategies

Computer
On rules, procedure, caching and views in data base systems

SIGMOD '90 Proceedings of the 1990 ACM SIGMOD international conference on Management of data
Toward a multilevel secure relational data model

SIGMOD '91 Proceedings of the 1991 ACM SIGMOD international conference on Management of data
Decomposition—a strategy for query processing

ACM Transactions on Database Systems (TODS)
Role-based authorization constraints specification

ACM Transactions on Information and System Security (TISSEC)
An Access Authorization Model for Relational Databases Based on Algebraic Manipulation of View Definitions

Proceedings of the Fifth International Conference on Data Engineering
A Scalable Algorithm for Answering Queries Using Views

VLDB '00 Proceedings of the 26th International Conference on Very Large Data Bases
Answering queries using views: A survey

The VLDB Journal — The International Journal on Very Large Data Bases
Access control in a relational data base management system by query modification

ACM '74 Proceedings of the 1974 annual conference - Volume 1
Extending query rewriting techniques for fine-grained access control

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Extending Relational Database Systems to Automatically Enforce Privacy Policies

ICDE '05 Proceedings of the 21st International Conference on Data Engineering
Privacy-Preserving database systems

Foundations of Security Analysis and Design III

Quantified Score

Hi-index	0.00

Visualization

Abstract

Applications require fine-grained access control (FGAC) supported by DBMSs themselves. Though much literature has referred to the FGAC, its key problems still remain open. Thus, we develop a FGAC-QD model based on query decomposition strategy with incorporating two notions of authorization rule and predicate transitive rule. In our model, users’ queries are decomposed into a set of one-variable queries (OVQ). For each OVQ, its validity is checked against the corresponding authorization rule; if all the OVQs are valid, the query is inferred to be valid and will be executed without any modification; otherwise the query has illegal access, and will be partially evaluated or rejected directly, according to the feature of applications. Finally, the results of experiments demonstrate the feasibility of FGAC-QD.