Secure Query-Processing Strategies
Computer
On rules, procedure, caching and views in data base systems
SIGMOD '90 Proceedings of the 1990 ACM SIGMOD international conference on Management of data
Toward a multilevel secure relational data model
SIGMOD '91 Proceedings of the 1991 ACM SIGMOD international conference on Management of data
Decomposition—a strategy for query processing
ACM Transactions on Database Systems (TODS)
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the Fifth International Conference on Data Engineering
A Scalable Algorithm for Answering Queries Using Views
VLDB '00 Proceedings of the 26th International Conference on Very Large Data Bases
Answering queries using views: A survey
The VLDB Journal — The International Journal on Very Large Data Bases
Access control in a relational data base management system by query modification
ACM '74 Proceedings of the 1974 annual conference - Volume 1
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Extending Relational Database Systems to Automatically Enforce Privacy Policies
ICDE '05 Proceedings of the 21st International Conference on Data Engineering
Privacy-Preserving database systems
Foundations of Security Analysis and Design III
Hi-index | 0.00 |
Applications require fine-grained access control (FGAC) supported by DBMSs themselves. Though much literature has referred to the FGAC, its key problems still remain open. Thus, we develop a FGAC-QD model based on query decomposition strategy with incorporating two notions of authorization rule and predicate transitive rule. In our model, users’ queries are decomposed into a set of one-variable queries (OVQ). For each OVQ, its validity is checked against the corresponding authorization rule; if all the OVQs are valid, the query is inferred to be valid and will be executed without any modification; otherwise the query has illegal access, and will be partially evaluated or rejected directly, according to the feature of applications. Finally, the results of experiments demonstrate the feasibility of FGAC-QD.