International Journal of Information Security

, Volume 16, Issue 1, pp 75–89

An extended access control mechanism exploiting data dependencies

  • Davide Alberto Albertini
  • Barbara Carminati
  • Elena Ferrari
Regular Contribution

DOI: 10.1007/s10207-016-0322-4

Cite this article as:
Albertini, D.A., Carminati, B. & Ferrari, E. Int. J. Inf. Secur. (2017) 16: 75. doi:10.1007/s10207-016-0322-4
  • 241 Downloads

Abstract

In general, access control mechanisms in DBMSs ensure that users access only those portions of data for which they have authorizations, according to a predefined set of access control policies. However, it has been shown that access control mechanisms might be not enough. A clear example is the inference problem due to functional dependencies, which might allow a user to discover unauthorized data by exploiting authorized data. In this paper, we wish to investigate data dependencies (e.g., functional dependencies, foreign key constraints, and knowledge-based implications) from a different perspective. In particular, the aim was to investigate data dependencies as a mean for increasing the DBMS utility, that is, the number of queries that can be safely answered, rather than as channels for releasing sensitive data. We believe that, under given circumstances, this unauthorized release may give more benefits than issues. As such, we present a query rewriting technique capable of extending defined access control policies by exploiting data dependencies, in order to authorize unauthorized but inferable data.

Keywords

Query rewriting Data dependencies Functional dependencies Discretionary access control 

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Davide Alberto Albertini
    • 1
  • Barbara Carminati
    • 1
  • Elena Ferrari
    • 1
  1. 1.Università degli Studi dell’InsubriaVareseItaly

Personalised recommendations