OBSERVATION-BASED FINE GRAINED ACCESS CONTROL FOR RELATIONAL DATABASES
Raju Halder, Agostino Cortesi
2010
Abstract
Fine Grained Access Control (FGAC) provides users the access to the non-confidential database information while preventing unauthorized leakage of the confidential data. It provides two extreme views to the database information: completely public or completely hidden. In this paper, we propose an Observation-based Fine Grained Access Control (OFGAC) mechanism based on the Abstract Interpretation framework where data are made accessible at various level of abstraction. In this setting, unauthorized users are not able to infer the exact content of a cell containing confidential information, while they are allowed to get partial information out of it, according to their access rights. Different level of sensitivity of the information correspond to different level of abstraction. In this way, we can tune different parts of the same database content according to different level of abstraction at the same time. The traditional FGAC can be seen as a special case of the OFGAC framework.
References
- Agrawal, R., Bird, P., Grandison, T., Kiernan, J., Logan, S., and Rjaibi, W. (2005). Extending relational database systems to automatically enforce privacy policies. In Proceedings of the 21st International Conference on Data Engineering, ICDE 7805, pages 1013-1022. IEEE Computer Society.
- Bertino, E., Jajodia, S., and Samarati, P. (1999). A flexible authorization mechanism for relational data management systems. ACM Transactions on Information Systems, 17(2):101-140.
- Böttcher, S., Hartel, R., and Kirschner, M. (2008). Detecting suspicious relational database queries. In Proceedings of the 3rd International Conference on Availability, Reliability and Security, ARES 7808, pages 771- 778. IEEE Computer Society.
- Cousot, P. and Cousot, R. (1977). Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Conference Record of the Sixth Annual ACM SIGPLANSIGACT Symposium on Principles of Programming Languages, pages 238-252, Los Angeles, CA, USA. ACM Press.
- Giacobazzi, R., Ranzato, F., and Scozzari, F. (2000). Making abstract interpretations complete. Journal of the ACM (JACM), 47(2):361-416.
- Griffiths, P. P. and Wade, B. W. (1976). An authorization mechanism for a relational database system. ACM Transactions on Database Systems, 1(3):242-255.
- Halder, R. and Cortesi, A. (2010). Abstract interpretation for sound approximation of database query languages. In Proceedings of the IEEE 7th International Conference on INFOrmatics and Systems (INFOS2010), Advances in Data Engineering and Management Track, pages 53-59, Cairo, Egypt. IEEE Catalog Number: IEEE CFP1006J-CDR.
- Hsu, T.-s., Liau, C.-J., Wang, D.-W., and Chen, J. K.-P. (2002). Quantifying privacy leakage through answering database queries. In Proceedings of the 5th International Conference on Information Security, ISC 7802, pages 162-176, London, UK. Springer-Verlag.
- Jajodia, S., Samarati, P., Subrahmanian, V. S., and Bertino, E. (1997). A unified framework for enforcing multiple access control policies. SIGMOD Record, 26(2):474- 485.
- Kabra, G., Ramamurthy, R., and Sudarshan, S. (2006). Redundancy and information leakage in fine-grained access control. In Proceedings of the ACM SIGMOD international conference on Management of data, SIGMOD 7806, pages 133-144, Chicago, IL, USA. ACM Press.
- LeFevre, K., Agrawal, R., Ercegovac, V., Ramakrishnan, R., Xu, Y., and DeWitt, D. (2004). Limiting disclosure in hippocratic databases. In Proceedings of the 30th international conference on Very large data bases, VLDB 7804, pages 108-119. VLDB Endowment.
- Sabelfeld, A. and Myers, A. C. (2003). Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5-19.
- Shi, J., Zhu, H., Fu, G., and Jiang, T. (2009). On the soundness property for sql queries of fine-grained access control in dbmss. In ICIS 7809: Proceedings of the 2009 Eigth IEEE/ACIS International Conference on Computer and Information Science, pages 469-474, Shanghai, China. IEEE Computer Society.
- Wang, Q., Yu, T., Li, N., Lobo, J., Bertino, E., Irwin, K., and Byun, J.-W. (2007). On the correctness criteria of fine-grained access control in relational databases. In Proceedings of the 33rd international conference on Very large data bases, VLDB 7807, pages 555-566, Vienna, Austria. VLDB Endowment.
- Zhu, H. and Lü, K. (2007). Fine-grained access control for database management systems. In Proceedings of the 24th British National Conference on Databases, pages 215-223, Glasgow, UK. Springer Verlag LNCS.
- Zhu, H., Shi, J., Wang, Y., and Feng, Y. (2008). Controlling information leakage of fine-grained access model in dbmss. In Proceedings of the 9th International Conference on Web-Age Information Management, WAIM 7808, pages 583-590, Zhangjiajie, China. IEEE Computer Society.
Paper Citation
in Harvard Style
Halder R. and Cortesi A. (2010). OBSERVATION-BASED FINE GRAINED ACCESS CONTROL FOR RELATIONAL DATABASES . In Proceedings of the 5th International Conference on Software and Data Technologies - Volume 1: ICSOFT, ISBN 978-989-8425-22-5, pages 254-265. DOI: 10.5220/0003006202540265
in Bibtex Style
@conference{icsoft10,
author={Raju Halder and Agostino Cortesi},
title={OBSERVATION-BASED FINE GRAINED ACCESS CONTROL FOR RELATIONAL DATABASES},
booktitle={Proceedings of the 5th International Conference on Software and Data Technologies - Volume 1: ICSOFT,},
year={2010},
pages={254-265},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003006202540265},
isbn={978-989-8425-22-5},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 5th International Conference on Software and Data Technologies - Volume 1: ICSOFT,
TI - OBSERVATION-BASED FINE GRAINED ACCESS CONTROL FOR RELATIONAL DATABASES
SN - 978-989-8425-22-5
AU - Halder R.
AU - Cortesi A.
PY - 2010
SP - 254
EP - 265
DO - 10.5220/0003006202540265