
Abstracting and Refining Authorization in SQL

  • Conference paper
Secure Data Management (SDM 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3178)


Abstract

The SQL standard specifies authorization via a large set of rather opaque rules, which are difficult to understand and dangerous to change. To make the model easier to work with, we formalize the implicit principles behind SQL authorization. We then discuss two extensions, for explicit metadata privileges and general privilege inference on derived objects. Although these are quite simple and easily implemented, we show how together, they help solve several administrative problems with existing SQL security. This sort of abstraction is also an important step towards having DBMSs that simultaneously support security policies over SQL, XML, RDF, and other forms of data.

Approved for Public Release. The opinions are the authors’, not the corporation’s.




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rosenthal, A., Sciore, E. (2004). Abstracting and Refining Authorization in SQL. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2004. Lecture Notes in Computer Science, vol 3178. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30073-1_11


  • DOI: https://doi.org/10.1007/978-3-540-30073-1_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22983-4

  • Online ISBN: 978-3-540-30073-1

  • eBook Packages: Springer Book Archive
