Fine Grained Access Control for Relational Databases by Abstract Interpretation

Halder, Raju; Cortesi, Agostino

doi:10.1007/978-3-642-29578-2_15

Cited by 4 publications

(4 citation statements)

References 13 publications

(12 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They proposed a secure and sound SAQP algorithm. Other secure and sound algorithms have been proposed since then, such as [10,17]. Our results prove the claim of Wang et al that optimal Security-Aware Query Processing is difficult.…”

Section: Security-aware Query Processingsupporting

confidence: 83%

Optimal security-aware query processing

Guarnieri

Basin

2014

Proc. VLDB Endow.

View full text Add to dashboard Cite

Security-Aware Query Processing is the problem of computing answers to queries in the presence of access control policies. We present general impossibility results for the existence of optimal algorithms for Security-Aware Query Processing and classify query languages for which such algorithms exist. In particular, we show that for the relational calculus there are no optimal algorithms, whereas optimal algorithms exist for some of its fragments, such as the existential fragment.We also establish relationships between two different models of Fine-Grained Access Control, called Truman and NonTruman models, which have been previously presented in the literature as distinct. For optimal Security-Aware Query Processing, we show that the Non-Truman model is a special case of the Truman model for boolean queries in the relational calculus, moreover the two models coincide for more powerful languages, such as the relational calculus with aggregation operators. In contrast, these two models are distinct for non-boolean queries.

show abstract

Section: Security-aware Query Processingsupporting

confidence: 83%

Optimal security-aware query processing

Guarnieri

Basin

2014

Proc. VLDB Endow.

View full text Add to dashboard Cite

show abstract

“…The set U is {u, admin} and the policy S is { ⊕,u, SELECT,T ,admin , ⊕, u, SELECT, V , admin , ⊕, u, INSERT, T , admin }. Consider the following run r, parametrized by the initial database state db, where u first inserts 27 into T and afterwards issues the SELECT query V (27). We assume there are no exceptions in r.…”

Section: Data Confidentialitymentioning

confidence: 99%

“…From the literature, we extracted the SELECT-only attacker model, where the attacker uses just SELECT commands. A number of access control mechanisms, such as [1,4,8,9,13,27,31,35,41,43,46], implicitly consider this attacker model. The boundaries of this model are blurred and the attacker's capabilities are unclear.…”

Section: Introductionmentioning

confidence: 99%

Strong and Provably Secure Database Access Control

Guarnieri,

Marinovic,

Basin

2015

Preprint

View full text Add to dashboard Cite

Existing SQL access control mechanisms are extremely limited. Attackers can leak information and escalate their privileges using advanced database features such as views, triggers, and integrity constraints. This is not merely a problem of vendors lagging behind the state-of-the-art. The theoretical foundations for database security lack adequate security definitions and a realistic attacker model, both of which are needed to evaluate the security of modern databases. We address these issues and present a provably secure access control mechanism that prevents attacks that defeat popular SQL database systems.g ∈ sec db, U, sec, T, V, c ❀ appr auth g op ∈ {⊕, ⊕ * } op ′ ∈ {INSERT, DELETE}

show abstract

“…As a result, performance of the systems in terms of optimization issues are really under big threat. The Abstract Interpretation formulation of database systems serves as a formal foundation of many interesting real-life applications, for instance, (i) to address security properties, like watermarking and access control [11,15]; (ii) to provide a novel cooperative query answering schema [12]; (iii) to serve as static analysis framework for transactions to optimize integrity constraint checking [14]; (iv) to perform abstract slicing of applications accessing or manipulating databases [16], etc. In this paper, we address a challenging feature of database query languages: the treatment of recursive queries.…”

Section: Introductionmentioning

confidence: 99%