Record Details

Extending query rewriting techniques for fine-grained access control

DSpace at IIT Bombay

View Archive Info
 
 
Field Value
 
Title Extending query rewriting techniques for fine-grained access control
 
Creator RIZVI, SHARIQ
MENDELZON, ALBERTO
SUDARSHAN, S
ROY, PRASAN
 
Subject query processing
access control
rewriting systems
 
Description Current day database applications, with large numbers of users, require fine-grained access control mechanisms, at the level of individual tuples, not just entire relations/views, to control which parts of the data can be accessed by each user. Fine-grained access control is often enforced in the application code, which has numerous drawbacks; these can be avoided by specifying/enforcing access control at the database level. We present a novel fine-grained access control model based on authorization views that allows "authorization-transparent" querying; that is, user queries can be phrased in terms of the database relations, and are valid if they can be answered using only the information contained in these authorization views. We extend earlier work on authorization-transparent querying by introducing a new notion of validity, conditional validity. We give a powerful set of inference rules to check for query validity. We demonstrate the practicality of our techniques by describing how an existing query optimizer can be extended to perform access control checks by incorporating these inference rules.
 
Publisher Association for Computing Machinery
 
Date 2009-06-22T04:24:28Z
2011-11-28T08:26:43Z
2011-12-15T09:57:32Z
2009-06-22T04:24:28Z
2011-11-28T08:26:43Z
2011-12-15T09:57:32Z
2004
 
Identifier Proceedings of the ACM SIGMOD International Conference on Management of Data, (SIGMOD), Paris, France, 13-18 June 2004, 551-562
1-58113-859-8
10.1145/1007568.1007631
http://hdl.handle.net/10054/1550
http://dspace.library.iitb.ac.in/xmlui/handle/10054/1550
 
Language en