
A Model-Driven Approach for Enforcing Fine-Grained Access Control for SQL Queries

  • Original Research
  • SN Computer Science

Abstract

In this paper, we propose a novel, model-driven approach for enforcing fine-grained access control (FGAC) policies when executing SQL queries. More concretely, we define a function \(\mathrm{SecQuery}()\) that, given an FGAC policy \(\mathcal{S}\) and an SQL select-statement q, generates an SQL stored-procedure \(\ulcorner \mathrm{SecQuery}(\mathcal{S}, q)\urcorner\), such that: if a user u is authorized, according to \(\mathcal{S}\), to execute q, then calling \(\ulcorner \mathrm{SecQuery}(\mathcal{S}, q)\urcorner (u)\) returns the same result as when u executes q; otherwise, if the user u is not authorized, according to \(\mathcal{S}\), to execute q, then calling \(\ulcorner \mathrm{SecQuery}(\mathcal{S}, q)\urcorner (u)\) signals an error. The stored-procedure \(\mathrm{SecQuery}(\mathcal{S}, q)\) implements the appropriate FGAC authorization-checks for executing the query q, according to the policy \(\mathcal{S}\). As expected, the execution of the query q takes less time than calling the stored-procedure \(\ulcorner \mathrm{SecQuery}(\mathcal{S}, q)\urcorner\). Moreover, evaluating the (sub)-queries corresponding to authorization-checks will take (more or less) time, depending on the “complexity” of the underlying policies. To illustrate this performance-issue, we have included in this paper some experimental results regarding the performance overhead incurred by executing the (secured) stored-procedure corresponding to (unsecured) queries. Finally, we have implemented our model-driven approach for enforcing FGAC policies for SQL queries in an open-source project, called SQL Security Injector (SQLSI).
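
As an added illustration of the behaviour the abstract describes (hand-written for this page, not output of SQLSI and not code from the paper), the MySQL procedure below secures one query under an assumed policy. The Employee table, its rows, the policy and the procedure name are all constructed for the example.

```sql
-- Constructed schema and data (assumptions, not from the paper).
CREATE TABLE Employee (
  id      INT PRIMARY KEY,
  name    VARCHAR(64) NOT NULL,
  manager INT NULL,               -- id of this employee's manager
  salary  INT NOT NULL
);
INSERT INTO Employee VALUES
  (1, 'Ana', NULL, 9000),
  (2, 'Bo',  1,    5000),
  (3, 'Cy',  1,    5200);

-- Unsecured query q:  SELECT salary FROM Employee WHERE manager = 1;
-- Assumed policy S: a caller may read a salary only if the row is their
-- own or belongs to an employee they manage.

DELIMITER //
CREATE PROCEDURE SecQuery_team_salaries(IN caller INT)
BEGIN
  DECLARE denied INT;
  -- Authorization check: count the rows q reads that S forbids for caller.
  SELECT COUNT(*) INTO denied
    FROM Employee e
   WHERE e.manager = 1
     AND NOT (e.id = caller OR e.manager = caller);
  IF denied > 0 THEN
    -- All-or-nothing: signal an error rather than silently filtering rows.
    SIGNAL SQLSTATE '45000'
      SET MESSAGE_TEXT = 'Unauthorized access';
  END IF;
  -- Caller is authorized for every row: return exactly what q returns.
  SELECT salary FROM Employee WHERE manager = 1;
END //
DELIMITER ;

CALL SecQuery_team_salaries(1);  -- caller 1 manages both rows read by q
CALL SecQuery_team_salaries(2);  -- caller 2 is not authorized for Cy's row
```

For the procedure to be the only path to the data, callers need EXECUTE on it and no SELECT privilege on Employee (MySQL procedures run with SQL SECURITY DEFINER by default). Call it inside a transaction under the default REPEATABLE READ isolation so that the check and the final SELECT read the same InnoDB snapshot.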


Notes

  1. Our mapping OCL2PSQL [11] can certainly be used as the \(\mathrm{map}()\)-function. However, our current experiments suggest that, for non-trivial authorization constraints, manually written implementations significantly outperform those automatically generated by OCL2PSQL when checking FGAC authorization in large databases.

References

  1. Basin DA, Clavel M, Egea M. A decade of model-driven security. In: Breu R, Crampton J, Lobo J, editors. 16th ACM symposium on access control models and technologies, SACMAT 2011, Innsbruck, Austria, June 15–17, 2011, Proceedings. ACM; 2011. p. 1–10. https://doi.org/10.1145/1998441.1998443.

  2. Basin DA, Doser J, Lodderstedt T. Model driven security: from UML models to access control infrastructures. ACM Trans Softw Eng Methodol. 2006;15(1):39–91. https://doi.org/10.1145/1125808.1125810.

  3. Browder K, Davidson MA. The virtual private database in Oracle9iR2. Tech. rep., Oracle Corporation; 2002. https://www.cgisecurity.com/-database/oracle/pdf/VPD9ir2twp.pdf.

  4. Row and column access control support in IBM DB2 for i. Tech. rep. International Business Machines Corporation; 2014. https://www.redbooks.ibm.com/redpapers/pdfs/redp5110.pdf/.

  5. Demuth B, Hußmann H, Loecher S. OCL as a specification language for business rules in database applications. In: Gogolla M, Kobryn C, editors. UML, LNCS, vol 2185. Springer; 2001. p. 104–17.

  6. Ferraiolo DF, Sandhu R, Gavrila S, Kuhn DR, Chandramouli R. Proposed NIST standard for role-based access control. ACM Trans Inf Syst Secur. 2001;4(3):224–74. https://doi.org/10.1145/501978.501980.

  7. LeFevre K, Agrawal R, Ercegovac V, Ramakrishnan R, Xu Y, DeWitt D. Limiting disclosure in Hippocratic databases. In: Proceedings of the thirtieth international conference on very large data bases, VLDB ’04, vol 30. VLDB Endowment; 2004. p. 108–19.

  8. Lodderstedt T, Basin DA, Doser J. SecureUML: a UML-based modeling language for model-driven security. In: Jézéquel J, Hußmann H, Cook S, editors. UML 2002—the unified modeling language, 5th international conference, Dresden, Germany, September 30–October 4, 2002, Proceedings, Lecture Notes in Computer Science, vol 2460. Springer; 2002. p. 426–41. https://doi.org/10.1007/3-540-45800-X_33.

  9. Mehta A, Elnikety E, Harvey K, Garg D, Druschel P. Qapla: policy compliance for database-backed systems. In: Proceedings of the 26th USENIX conference on security symposium, SEC ’17. USENIX Association; 2017. p. 1463–79.

  10. Montee G. Row-level security in MariaDB 10: protect your data. 2015. https://mariadb.com/resources/blog/.

  11. Nguyen HPB, Clavel M. OCL2PSQL: an OCL-to-SQL code-generator for model-driven engineering. In: Dang TK, Küng J, Takizawa M, Bui SH, editors. Future data and security engineering—6th international conference, FDSE 2019, proceedings, lecture notes in computer science, vol 11814. Springer; 2019. p. 185–203.

  12. Nguyen HPB, Clavel M. Model-based characterization of fine-grained access control authorization for SQL queries. J Object Technol. 2020;19(3).

  13. Object Constraint Language specification version 2.4. Tech. rep. Object Management Group; 2014. https://www.omg.org/spec/OCL/.

  14. PostgreSQL 12.2. Part II. SQL The Language. Chapter 5. Data Definition. 5.8. Row Security Policies. 2017. https://www.postgresql.org/docs/10/ddl.html.

  15. ISO/IEC 9075-(1–10) Information technology—database languages—SQL. Tech. rep. International Organization for Standardization; 2011. http://www.iso.org/iso/.

Author information

Corresponding author

Correspondence to Manuel Clavel.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article is part of the topical collection “Future Data and Security Engineering 2020” guest edited by Tran Khanh Dang.

About this article

Cite this article

Bao, H.N.P., Clavel, M. A Model-Driven Approach for Enforcing Fine-Grained Access Control for SQL Queries. SN COMPUT. SCI. 2, 370 (2021). https://doi.org/10.1007/s42979-021-00712-7

  • DOI: https://doi.org/10.1007/s42979-021-00712-7
