Abstract
The SQL standard specifies authorization via a large set of rather opaque rules, which are difficult to understand and dangerous to change. To make the model easier to work with, we formalize the implicit principles behind SQL authorization. We then discuss two extensions, for explicit metadata privileges and general privilege inference on derived objects. Although these are quite simple and easily implemented, we show how together, they help solve several administrative problems with existing SQL security. This sort of abstraction is also an important step towards having DBMSs that simultaneously support security policies over SQL, XML, RDF, and other forms of data.
Approved for Public Release. The opinions are the authors, not the corporation’s.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bertino, E., Samarati, P., Jajodia, S.: An extended authorization model for relational databases. IEEE TKDE (1997)
Bertino, E., Ferrari, E.: Administration Policies in a Multipolicy Authorization System. In: Database Security XI - Status and Prospects, Proc. of Tenth Annual IFIP Working Conference on Database Security (1997)
Bhatti, R., Bertino, E., Ghafoor, A., Joshi, J.: XML-Based Specification for Web Services Document Security. IEEE Computer (April 2004)
Castano, S., De Capitani di Vimercati, S., Fugini, M.G.: Automated Derivation of Global Authorizations for Database Federations. Journal of Computer Security 5(4), 271–301 (1997)
De Capitani di Vimercati, S., Samarati, P.: Authorization Specification and Enforcement in Federated Database Systems. Journal of Computer Security 5(2), 155–188 (1997)
Castano, S., Fugini, M., Martella, G., Samarati, P.: Database Security. Addison-Wesley, Reading (1995)
Cui, Y., Widom, J., Weiner, J.: Tracing the lineage of view data in a warehousing environment. ACM Transactions on Database Systems (TODS)Â 25(2) (June 2000)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A Fine-Grained Access Control System for XML Documents. ACM Transactions on Information and System Security (TISSEC) 5(2), 169–202 (2002)
Fagin, R.: On an Authorization Mechanism. ACM Transactions on Database Systems 3(3), 310–319 (1978)
Gudes, E., Olivier, M.S.: Security Policies in Replicated and Autonomous Databases. In: Jajodia, S. (ed.) Database Security XII: Status and Prospects, pp. 93–107. Kluwer, Dordrecht (1999)
Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.S.: Flexible Support for Multiple Access Control Policies. ACM Trans. Database Systems (2001)
Lomet, D.: A Role for Research in the Database Industry. ACM Computing Surveys 28(4es) (December 1996)
Negri, M., Pelagatti, G., Sbattella, L.: Formal Semantics of SQL Queries. ACM TODSÂ 17(3) (September 1991)
Rabitti, F., Bertino, E., Kim, W., Woelk, D.: A model of authorization for next generation database systems. ACM Trans. Database Systems 16(1) (March 1991)
Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending Query Rewriting Techniques for Fine-Grained Access Control. In: ACM SIGMOD Conf., Paris (2004)
Rosenthal, A., Sciore, E.: First-Class Views: A Key to User-Centered Computing. SIGMOD Record (September 1999)
Rosenthal, A., Sciore, E.: View Security as the Basis for Data Warehouse Security. In: CAiSE Workshop on Design and Management of Data Warehouses, Stockholm (2000)
SQL Standard, Part 2 (Foundations), ISO/IEC document 9075-2 (2003)
Yao, W., Moody, K., Bacon, J.: A model of OASIS role-based access control and its support for active security. In: ACM SACMAT Conf., Chantilly VA (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rosenthal, A., Sciore, E. (2004). Abstracting and Refining Authorization in SQL. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2004. Lecture Notes in Computer Science, vol 3178. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30073-1_11
Download citation
DOI: https://doi.org/10.1007/978-3-540-30073-1_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22983-4
Online ISBN: 978-3-540-30073-1
eBook Packages: Springer Book Archive