On the correctness criteria of fine-grained access control in relational databases

Qihua Wang, Ting Yu, Ninghui Li, Jorge Lobo, Elisa Bertino, Keith Irwin, Ji Won Byun

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

54 Citations (Scopus)

Abstract

Databases are increasingly being used to store information covered by heterogeneous policies, which require support for access control with great flexibility. This has led to increasing interest in using fine-grained access control, where different cells in a relation may be governed by different access control rules. Although several proposals have been made to support fine-grained access control, there currently does not exist a formal notion of correctness regarding the query answering procedure. In this paper, we propose such a formal notion of correctness in fine-grained database access control, and discuss why existing approaches fall short in some circumstances. We then propose a labeling approach for masking unauthorized information and a query evaluation algorithm which better supports fine-grained access control. Finally, we implement our algorithm using query modification and evaluate its performance.

Original language: English
Title of host publication: 33rd International Conference on Very Large Data Bases, VLDB 2007 - Conference Proceedings
Publisher: Association for Computing Machinery, Inc
Pages: 555-566
Number of pages: 12
ISBN (Electronic): 9781595936493
Publication status: Published - 2007
Event: 33rd International Conference on Very Large Data Bases, VLDB 2007 - Vienna, Austria
Duration: 23 Sep 2007 to 27 Sep 2007

Other

Other: 33rd International Conference on Very Large Data Bases, VLDB 2007
Country: Austria
City: Vienna
Period: 23/9/07 to 27/9/07

Fingerprint

Access control
Labeling
Relational database
Query

ASJC Scopus subject areas

  • Hardware and Architecture
  • Information Systems and Management
  • Information Systems
  • Software

Cite this

Wang, Q., Yu, T., Li, N., Lobo, J., Bertino, E., Irwin, K., & Byun, J. W. (2007). On the correctness criteria of fine-grained access control in relational databases. In 33rd International Conference on Very Large Data Bases, VLDB 2007 - Conference Proceedings (pp. 555-566). Association for Computing Machinery, Inc.
