Redundancy and information leakage in fine-grained access control

Authors:
Govind Kabra;Ravishankar Ramamurthy;S. Sudarshan
Affiliations:
Univ. of Illinois, Urbana-Champaign;Microsoft Research;I.I.T. Bombay
Venue:
Proceedings of the 2006 ACM SIGMOD international conference on Management of data
Year:
2006

Citing 8
Cited 7

Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures

IEEE Transactions on Knowledge and Data Engineering
An Access Authorization Model for Relational Databases Based on Algebraic Manipulation of View Definitions

Proceedings of the Fifth International Conference on Data Engineering
The Volcano Optimizer Generator: Extensibility and Efficient Search

Proceedings of the Ninth International Conference on Data Engineering
Optimal implementation of conjunctive queries in relational data bases

STOC '77 Proceedings of the ninth annual ACM symposium on Theory of computing
Access control in a relational data base management system by query modification

ACM '74 Proceedings of the 1974 annual conference - Volume 1
Extending query rewriting techniques for fine-grained access control

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Extending Relational Database Systems to Automatically Enforce Privacy Policies

ICDE '05 Proceedings of the 21st International Conference on Data Engineering
Limiting disclosure in hippocratic databases

VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30

A formal framework for reflective database access control policies

Proceedings of the 15th ACM conference on Computer and communications security
Implementing Reflective Access Control in SQL

Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Effectively and efficiently selecting access control rules on materialized views over relational databases

Proceedings of the Fourteenth International Database Engineering & Applications Symposium
Inheriting access control rules from large relational databases to materialized views automatically

KES'10 Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part III
Diesel: applying privilege separation to database access

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
AccKW: an efficient access control scheme for keyword-based search over RDBMS

DNIS'10 Proceedings of the 6th international conference on Databases in Networked Information Systems
Integrating trust management and access control in data-intensive Web applications

ACM Transactions on the Web (TWEB)

Quantified Score

Hi-index	0.00

Visualization

Abstract

The current SQL standard for access control is coarse grained, in that it grants access to all rows of a table or none. Fine-grained access control, which allows control of access at the granularity of individual rows, and to specific columns within those rows, is required in practically all database applications. There are several models for fine grained access control, but the majority of them follow a view replacement strategy. There are two significant problems with most implementations of the view replacement model, namely (a) the unnecessary overhead of the access control predicates when they are redundant and (b) the potential of information leakage through channels such as user-defined functions, and operations that cause exceptions and error messages. We first propose techniques for redundancy removal. We then define when a query plan is safe with respect to UDFs and other unsafe functions, and propose techniques to generate safe query plans. We have prototyped redundancy removal and safe UDF pushdown on the Microsoft SQL Server query optimizer, and present a preliminary performance study.