Consistent Query Plan Generation in Secure Cooperative Data Access

  • Meixing Le
  • Krishna Kant
  • Sushil Jajodia
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8566)


In this paper, we consider restricted data sharing between a set of parties that wish to provide some set of online services requiring such data sharing. We assume that each party stores its data in private relational databases, and is given a set of mutually agreed set of authorization rules that may involve joins over relations owned by one or more parties. Although the query planning problem in such an environment is similar to the one for distributed databases, the access restrictions introduce significant additional complexity that we address in this paper. We examine the problem of efficiently enforcing rules and generating query execution plans in this environment. Because of the exponential complexity of optimal query planning, our query planning algorithm is heuristics based but produces excellent, if not optimal, results in most of the practical cases.


Rule enforcement Consistent query planning Cooperative data access 


  1. 1.
    Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep A secret: A distributed architecture for secure database services. In: CIDR, pp. 186–199 (2005)Google Scholar
  2. 2.
    Agrawal, R., Asonov, D., Kantarcioglu, M., Li, Y.: Sovereign joins. In: Proceedings of the 22nd International Conference on Data Engineering, ICDE 2006, Atlanta, GA, USA, April 3-8, p. 26. IEEE Computer Society (2006)Google Scholar
  3. 3.
    Bernstein, P.A., Goodman, N., Wong, E., Reeve, C.L., Rothnie Jr., J.B.: Query processing in a system for distributed databases (SDD-1). ACM Transactions on Database Systems 6(4), 602–625 (1981)CrossRefzbMATHGoogle Scholar
  4. 4.
    Calì, A., Martinenghi, D.: Querying data under access limitations. In: Proceedings of the 24th International Conference on Data Engineering, ICDE 2008, Cancún, México, April 7-12, pp. 50–59. IEEE (2008)Google Scholar
  5. 5.
    Chaudhuri, S.: An overview of query optimization in relational systems. In: Proceedings of the 7th ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems, pp. 34–43 (1998)Google Scholar
  6. 6.
    Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Keep a few: Outsourcing data while maintaining confidentiality. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 440–455. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Controlled information sharing in collaborative distributed query processing. In: ICDCS 2008, Beijing, China (June 2008)Google Scholar
  8. 8.
    De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Authorization enforcement in distributed query evaluation. Journal of Computer Security 19(4), 751–794 (2011)Google Scholar
  9. 9.
    Goldstein, J., Larson, P.: Optimizing queries using materialized views: a practical, scalable solution. In: Proceedings of the 2001 ACM SIGMOD International Conference on Management of Data, pp. 331–342 (2001)Google Scholar
  10. 10.
    Halevy, A.Y.: Answering queries using views: A survey. VLDB Journal 10(4), 270–294 (2001)CrossRefzbMATHGoogle Scholar
  11. 11.
    Kossmann, D.: The state of the art in distributed query processing. ACM Computer Survey 32(4), 422–469 (2000)CrossRefGoogle Scholar
  12. 12.
    Le, M., Kant, K., Jajodia, S.: Access rule consistency in cooperative data access environment. In: 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom2012), pp. 11–20 (October 2012)Google Scholar
  13. 13.
    Le, M., Kant, K., Jajodia, S.: Consistency and enforcement of access rules in cooperative data sharing environment. In: Computers and Security (November 2013)Google Scholar
  14. 14.
    Le, M., Kant, K., Jajodia, S.: Rule enforcement with third parties in secure cooperative data access. In: Wang, L., Shafiq, B. (eds.) DBSec 2013. LNCS, vol. 7964, pp. 282–288. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  15. 15.
    Li, C.: Computing complete answers to queries in the presence of limited access patterns. VLDB Journal 12(3), 211–227 (2003)CrossRefGoogle Scholar
  16. 16.
    Pottinger, R., Halevy, A.Y.: Minicon: A scalable algorithm for answering queries using views. VLDB J. 10(2-3), 182–198 (2001)zbMATHGoogle Scholar
  17. 17.
    Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending query rewriting techniques for fine-grained access control. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, SIGMOD 2004 (2004)Google Scholar
  18. 18.
    Sion, R.: Query execution assurance for outsourced databases. In: VLDB, pp. 601–612. ACM (2005)Google Scholar
  19. 19.
    Zhang, Z., Mendelzon, A.O.: Authorization Views and Conditional Query Containment. In: Eiter, T., Libkin, L. (eds.) ICDT 2005. LNCS, vol. 3363, pp. 259–273. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Meixing Le
    • 1
  • Krishna Kant
    • 2
  • Sushil Jajodia
    • 3
  1. 1.Cisco Corp.USA
  2. 2.Temple Univ.USA
  3. 3.Geoerge Mason Univ.USA

Personalised recommendations