Abstract
A novel approach for automatically inheriting access control rules form large relational databases to materialized views defined on such databases is proposed in this paper, along with main algorithm VSP-Bucket. Our proposal introduces a number of research innovations, ranging from a novel Datalog-based syntax, and related semantics, for modeling and expressing access control rules over relational databases to algorithm VSP-Bucket itself, which is a meaningifully adaptation of a well-know view-based query re-writing algorithm for database optimization purposes. A preliminary experimental evaluation and analysis of performance of algorithm VSP-Bucket completes our foremost analytical contribution made in this research.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Agrawal, R., Bird, P., Grandison, T., Kiernan, J., Logan, S., Rjaibi, W.: Extending Relational Database Systems to Automatically Enforce Privacy Policies. In: Proc. of ICDE 2005, pp. 1013–1022 (2005)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic Databases. In: Proc. of VLDB 2002, pp. 143—154 (2002)
Ahmad, M., Aboulnaga, A., Babu, S., Munagala, K.: Modeling and Exploiting Query Interactions in Database Systems. In: Proc. of CIKM 2008, pp. 183–192 (2008)
Ayyagari, P., Mitra, P., Lee, D., Liu, P., Lee, W.-C.: Incremental Adaptation of XPath Access Control Views. In: Proc. of ASIACCS 2007, pp. 105–116 (2007)
Castano, S., Fugini, M., Martella, G., Samarati, P.: Database Security. Addison Wesley, Reading (1995)
Chandra, A.K., Merlin, P.M.: Optimal Implementation of Conjunctive Queries in Relational Data Bases. In: Proc. of STOC 1977, pp. 77–90 (1977)
Fan, W., Chan, C.-Y., Garofalakis, M.: Secure XML Querying with Security Views. In: Proc. of SIGMOD 2004, pp. 587–598 (2004)
Goel, S.K., Clifton, C., Rosenthal, A.: Derived Access Control Specification for XML. In: Proc. of XMLSEC 2003, pp. 1–14 (2003)
Gupta, A., Mumick, I.S.: Materialized Views: Techniques, Implementations, and Applications. The MIT Press, Cambridge (1999)
Gupta, H.: Selection of Views to Materialize in a Data Warehouse. In: Afrati, F.N., Kolaitis, P.G. (eds.) ICDT 1997. LNCS, vol. 1186, pp. 98–112. Springer, Heidelberg (1996)
Halevy, A.: Answering Queries Using Views: A Survey. The VLDB Journal 10, 270–294 (2001)
Jarke, M., Koch, J.: Query Optimization in Database Systems. ACM Computing Surveys 16(2), 111–152 (1984)
Kabra, G., Ramamurthy, R., Sudarshan, S.: Redundancy and Information Leakage in Fine-Grained Access Control. In: Proc. of SIGMOD 2006, pp. 133–144 (2006)
Matthias, A., Onur, K., Yi, P.: Approaching Fine-grain Access Control for Distributed Biomedical Databases within Virtual Environments. In: Proc. of CGW 2009, pp. 311–319 (2009)
Olson, L.E., Gunter, C.A., Cook, W.R., Winslett, M.: Implementing Reflective Access Control in SQL. In: Gudes, E., Vaidya, J. (eds.) Data and Applications Security XXIII. LNCS, vol. 5645, pp. 17–32. Springer, Heidelberg (2009)
Oracle Corp.: The Virtual Private Database in Oracle9iR2: A Technical White Paper (2002), http://www.cgisecurity.com/database/oracle/pdf/VPD9ir2twp.pdf
Pottinger, R., Halevy, A.: MiniCon: A Scalable Algorithm For Answering Queries Using Views. The VLDB Journal 10, 182–198 (2001)
Rastogi, V., Suciu, D., Welbourne, E.: Access Control over Uncertain Data. In: Proceedings of the VLDB Endowment, vol. 1, pp. 821–832 (2008)
Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending Query Rewriting Techniques for Fine-Grained Access Control. In: Proc. of SIGMOD 2004, pp. 551–562 (2004)
Roichman, A., Gudes, E.: Fine-Grained Access Control to Web Databases. In: Proc. of SACMAT 2007, pp. 181–184 (2007)
Rosenthal, A., Sciore, E.: Abstracting and Refining Authorization in SQL. In: Jonker, W., Petković, M. (eds.) SDM 2004. LNCS, vol. 3178, pp. 148–162. Springer, Heidelberg (2004)
Sagiv, Y., Yannakakis, M.: Equivalences Among Relational Expressions with the Union and Difference Operators. Journal of the ACM 27, 633–655 (1980)
Stonebraker, M., Wong, E.: Access Control in a Relational Data Base Management System by Query Modification. In: Proc. of ACM 1974, vol. 1, pp. 180–186 (1974)
Sybase Corp.: New Security Features in Sybase Adaptive Server Enterprise. Sybase Technical White Paper (2003)
Wang, Q., Yu, T., Li, N., Lobo, J., Bertino, E., Irwin, K., Byun, J.-W.: On the Correctness Criteria of Fine-Grained Access Control in Relational Databases. In: Proc. of VLDB 2007, pp. 555–556 (2007)
Zannone, N., Jajodia, S., Massacci, F., Wijesekera, D.: Maintaining Privacy on Derived Objects. In: Proc. of WPES 2005, pp. 10–19 (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cuzzocrea, A., Hacid, MS., Grillo, N. (2010). Inheriting Access Control Rules from Large Relational Databases to Materialized Views Automatically. In: Setchi, R., Jordanov, I., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based and Intelligent Information and Engineering Systems. KES 2010. Lecture Notes in Computer Science(), vol 6278. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15393-8_48
Download citation
DOI: https://doi.org/10.1007/978-3-642-15393-8_48
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15392-1
Online ISBN: 978-3-642-15393-8
eBook Packages: Computer ScienceComputer Science (R0)