Authorization Views and Conditional Query Containment

  • Zheng Zhang
  • Alberto O. Mendelzon
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3363)

Abstract

A recent proposal for database access control consists of defining “authorization views” that specify the accessible data, and declaring a query valid if it can be completely rewritten using the views. Unlike traditional work in query rewriting using views, the rewritten query needs to be equivalent to the original query only over the set of database states that agree with a given set of materializations for the authorization views. With this motivation, we study conditional query containment, i.e. , containment over states that agree on a set of materialized views. We give an algorithm to test conditional containment of conjunctive queries with respect to a set of materialized conjunctive views. We show the problem is \({\it \Pi}^{p}_{2}\)-complete. Based on the algorithm, we give a test for a query to be conditionally authorized given a set of materialized authorization views.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abiteboul, S., Duschka, O.: Complexity of answering queries using materialized views. In: Proc. ACM PODS, pp. 254–263 (1998)Google Scholar
  2. 2.
    Aho, A., Sagiv, Y., Ullman, J.D.: Equivalence of relational expressions. SIAM Journal of Computing 2(8), 218–246 (1979)CrossRefMathSciNetGoogle Scholar
  3. 3.
    Calvanese, D., Giuseppe, D.G., Lenzerini, M., Vardi, M.Y.: Lossless regular views. In: Proc. ACM PODS, pp. 247–258 (2002)Google Scholar
  4. 4.
    Chandra, A.K., Merlin, P.M.: Optimal implementations of conjunctive queries in relational databases. In: Proc. STOC, pp. 77–90 (1977)Google Scholar
  5. 5.
    Chaudhuri, S., Krishnamurthy, R., Potamianos, S., Shim, K.: Optimizing queries with materialized views. In: Proc. ICDE, pp. 190–200 (1995)Google Scholar
  6. 6.
    Deutsch, A., Tannen, V.: Reformulation of xml queries and constraints. In: Proc. ICDT, pp. 225–241 (2003)Google Scholar
  7. 7.
    Grahne, G., Mendelzon, A.: Tableau techniques for querying information sources through global schema. In: Proc. ICDT, pp. 332–347 (1999)Google Scholar
  8. 8.
    Klug, A.: On conjunctive queries containing inequalities. Journal of the Association for Computing Machinery 35(1), 146–160 (1998)MathSciNetGoogle Scholar
  9. 9.
    Lenzerini, M.: Data integration: a theoretical perspective. In: Proc. ACM PODS, pp. 233–246 (2002)Google Scholar
  10. 10.
    Levy, A., Mendelzon, A., Sagiv, Y., Srivastava, D.: Answering queries using views. In: Proc. ACM PODS, pp. 95–104 (1995)Google Scholar
  11. 11.
    Levy, A., Rajaraman, A., Ordille, J.J.: Querying heterogeneous information sources using source descriptions. In: Proc. VLDB, pp. 251–262 (1996)Google Scholar
  12. 12.
    Millstein, T., Levy, A., Friedman, M.: Query containment for data integration systems. Journal of Computer and System Sciences, 67–75 (2002)Google Scholar
  13. 13.
    Motro, A.: An access authorization model for relational databases based on algebraic manipulation of view definitions. In: Proc. ICDE, pp. 339–347 (1989)Google Scholar
  14. 14.
    Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending query rewriting techniques for fine-grained access control. In: Proc. ACM SIGMOD, pp. 551–562 (2004)Google Scholar
  15. 15.
    Rosenthal, A., Sciore, E.: View security as the basis for data warehouse security. In: Intl. Workshop on Design and Management of Data Warehouses (2000)Google Scholar
  16. 16.
    Rosenthal, A., Sciore, E., Doshi, V.: Security administration for federations, warehouses, and other derived data. In: IFIP WG11.3 Conf. on Database Security (1999)Google Scholar
  17. 17.
    Sagiv, Y., Yannakakis, M.: Equivalence among relational expressions with the union and difference operations. Journal of the ACM 27(4), 633–655 (1980)MATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    van der Meyden, R.: The complexity of querying indefinite data about linearly ordered domains (extended version). In: Proc. ACM PODS, pp. 331–345 (1992)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Zheng Zhang
    • 1
  • Alberto O. Mendelzon
    • 1
  1. 1.Department of Computer ScienceUniversity of Toronto 

Personalised recommendations