Abstract
Applications require fine-grained access control (FGAC) supported by DBMSs themselves. Though much literature has referred to the FGAC, its key problems still remain open. Thus, we develop a FGAC-QD model based on query decomposition strategy with incorporating two notions of authorization rule and predicate transitive rule. In our model, users’ queries are decomposed into a set of one-variable queries (OVQ). For each OVQ, its validity is checked against the corresponding authorization rule; if all the OVQs are valid, the query is inferred to be valid and will be executed without any modification; otherwise the query has illegal access, and will be partially evaluated or rejected directly, according to the feature of applications. Finally, the results of experiments demonstrate the feasibility of FGAC-QD.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
The Virtual Private Database in Oracle9ir2: An Oracle Technical White Paper, http://otn.oracle.com/deploy/security/oracle9ir2/pdf/vpd9ir2twp.pdf
Agrawal, R., Birdz, P., Grandisony, T., Kiernany, J., Loganz, S., Rjaibi, W.: Extending Relational Database Systems to Automatically Enforce Privacy Policies. In: Proc. of ICDE, pp. 1013–1022 (2005)
Ahn, G.J., Sandhu, R.: Role-based autorization constraints specification. ACM Transactions on Information and System Security 3(4), 207–226 (2000)
Bertino, E., Byun, J.W., Li, N.H.: Privacy-Preserving Database Systems. In: Aldini, A., Gorrieri, R., Martinelli, F. (eds.) FOSAD 2005. LNCS, vol. 3655, pp. 178–206. Springer, Heidelberg (2005)
Halevy, A.: Answering queries using views: A survey. The VLDB Journal 10(4), 270–294 (2001)
Jajodia, S., Sandhu, R.: Toward A Multilevel Secure Relational Data Model. In: Proceedings of SIGMOD Conference, pp. 50–59 (1991)
Keefe, T.F., Thuraisingham, B.M., Tsai, W.T.: Secure Query-Processing Strategies. IEEE Computer 22(3), 63–70 (1989)
Motro, A.: An access authorization model for relational databases based on algebraic manipulation of view definitions. In: Proc. of ICDE 1989, pp. 339–347 (1989)
Pottinger, R., Levy, A.: A Scalable Algorithm for Answering Queries Using Views. In: Proc. of VLDB 2000, pp. 484–495 (2000)
Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending Query Rewriting Techniques for Fine-Grained Access Control. In: Proc. of SIGMOD 2004, pp. 551–562 (2004)
Stonebraker, M., Wong, E.: Access control in a relational database management system by query modification. In: Proc. of ACM Conference, pp. 180–186 (1974)
Stonebraker, M., et al.: On rules, procedures, caching and views in database systems. In: Proc. of SIGMOD 1990, pp. 281–290 (1990)
Wong, E., Youssefi, K.: Decomposition-A Strategy for Query Processing. ACM Transactions on Database Systems 1(3), 223–241 (1976)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhan, G., Li, Z., Ye, X., Wang, J. (2006). FGAC-QD: Fine-Grained Access Control Model Based on Query Decomposition Strategy. In: Fischer-HĂĽbner, S., Furnell, S., Lambrinoudakis, C. (eds) Trust and Privacy in Digital Business. TrustBus 2006. Lecture Notes in Computer Science, vol 4083. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11824633_14
Download citation
DOI: https://doi.org/10.1007/11824633_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37750-4
Online ISBN: 978-3-540-37752-8
eBook Packages: Computer ScienceComputer Science (R0)