Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures
IEEE Transactions on Knowledge and Data Engineering
Proceedings of the Fifth International Conference on Data Engineering
The Volcano Optimizer Generator: Extensibility and Efficient Search
Proceedings of the Ninth International Conference on Data Engineering
Optimal implementation of conjunctive queries in relational data bases
STOC '77 Proceedings of the ninth annual ACM symposium on Theory of computing
Access control in a relational data base management system by query modification
ACM '74 Proceedings of the 1974 annual conference - Volume 1
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Extending Relational Database Systems to Automatically Enforce Privacy Policies
ICDE '05 Proceedings of the 21st International Conference on Data Engineering
Limiting disclosure in hippocratic databases
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
A formal framework for reflective database access control policies
Proceedings of the 15th ACM conference on Computer and communications security
Implementing Reflective Access Control in SQL
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Proceedings of the Fourteenth International Database Engineering & Applications Symposium
Inheriting access control rules from large relational databases to materialized views automatically
KES'10 Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part III
Diesel: applying privilege separation to database access
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
AccKW: an efficient access control scheme for keyword-based search over RDBMS
DNIS'10 Proceedings of the 6th international conference on Databases in Networked Information Systems
Integrating trust management and access control in data-intensive Web applications
ACM Transactions on the Web (TWEB)
Hi-index | 0.00 |
The current SQL standard for access control is coarse grained, in that it grants access to all rows of a table or none. Fine-grained access control, which allows control of access at the granularity of individual rows, and to specific columns within those rows, is required in practically all database applications. There are several models for fine grained access control, but the majority of them follow a view replacement strategy. There are two significant problems with most implementations of the view replacement model, namely (a) the unnecessary overhead of the access control predicates when they are redundant and (b) the potential of information leakage through channels such as user-defined functions, and operations that cause exceptions and error messages. We first propose techniques for redundancy removal. We then define when a query plan is safe with respect to UDFs and other unsafe functions, and propose techniques to generate safe query plans. We have prototyped redundancy removal and safe UDF pushdown on the Microsoft SQL Server query optimizer, and present a preliminary performance study.