FGAC-QD: Fine-Grained Access Control Model Based on Query Decomposition Strategy

  • Guoqiang Zhan
  • Zude Li
  • Xiaojun Ye
  • Jianmin Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4083)


Applications require fine-grained access control (FGAC) supported by DBMSs themselves. Though much literature has referred to the FGAC, its key problems still remain open. Thus, we develop a FGAC-QD model based on query decomposition strategy with incorporating two notions of authorization rule and predicate transitive rule. In our model, users’ queries are decomposed into a set of one-variable queries (OVQ). For each OVQ, its validity is checked against the corresponding authorization rule; if all the OVQs are valid, the query is inferred to be valid and will be executed without any modification; otherwise the query has illegal access, and will be partially evaluated or rejected directly, according to the feature of applications. Finally, the results of experiments demonstrate the feasibility of FGAC-QD.


User Query Conjunctive Query Answering Query Authorization Rule Transitive Rule 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    The Virtual Private Database in Oracle9ir2: An Oracle Technical White Paper,
  2. 2.
    Agrawal, R., Birdz, P., Grandisony, T., Kiernany, J., Loganz, S., Rjaibi, W.: Extending Relational Database Systems to Automatically Enforce Privacy Policies. In: Proc. of ICDE, pp. 1013–1022 (2005)Google Scholar
  3. 3.
    Ahn, G.J., Sandhu, R.: Role-based autorization constraints specification. ACM Transactions on Information and System Security 3(4), 207–226 (2000)CrossRefGoogle Scholar
  4. 4.
    Bertino, E., Byun, J.W., Li, N.H.: Privacy-Preserving Database Systems. In: Aldini, A., Gorrieri, R., Martinelli, F. (eds.) FOSAD 2005. LNCS, vol. 3655, pp. 178–206. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Halevy, A.: Answering queries using views: A survey. The VLDB Journal 10(4), 270–294 (2001)MATHCrossRefGoogle Scholar
  6. 6.
    Jajodia, S., Sandhu, R.: Toward A Multilevel Secure Relational Data Model. In: Proceedings of SIGMOD Conference, pp. 50–59 (1991)Google Scholar
  7. 7.
    Keefe, T.F., Thuraisingham, B.M., Tsai, W.T.: Secure Query-Processing Strategies. IEEE Computer 22(3), 63–70 (1989)Google Scholar
  8. 8.
    Motro, A.: An access authorization model for relational databases based on algebraic manipulation of view definitions. In: Proc. of ICDE 1989, pp. 339–347 (1989)Google Scholar
  9. 9.
    Pottinger, R., Levy, A.: A Scalable Algorithm for Answering Queries Using Views. In: Proc. of VLDB 2000, pp. 484–495 (2000)Google Scholar
  10. 10.
    Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending Query Rewriting Techniques for Fine-Grained Access Control. In: Proc. of SIGMOD 2004, pp. 551–562 (2004)Google Scholar
  11. 11.
    Stonebraker, M., Wong, E.: Access control in a relational database management system by query modification. In: Proc. of ACM Conference, pp. 180–186 (1974)Google Scholar
  12. 12.
    Stonebraker, M., et al.: On rules, procedures, caching and views in database systems. In: Proc. of SIGMOD 1990, pp. 281–290 (1990)Google Scholar
  13. 13.
    Wong, E., Youssefi, K.: Decomposition-A Strategy for Query Processing. ACM Transactions on Database Systems 1(3), 223–241 (1976)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Guoqiang Zhan
    • 1
  • Zude Li
    • 1
  • Xiaojun Ye
    • 1
  • Jianmin Wang
    • 1
  1. 1.School of SoftwareTsinghua UniversityBeijingChina

Personalised recommendations