Abstract
This paper reports a practical approach to developing fine-grained access control (FGAC) for database management systems. We extend the SQL language to support security policies and propose the concept of a policy type for databases. Policy reuse is implemented through policy types and policy instances, which alleviates the administrative workload of maintaining security policies. Policies for rows and columns can be expressed with policy types. Moreover, complicated database integrity constraints can also be expressed by policy types, and no further purpose-built programs are needed to create specific security control policies. We implement fine-grained access control in the relational database management system DM5 [4]. Performance test results based on TPC-W are also presented.
This paper is supported by the 863 hi-tech research and development program of China, grant number 2006AA01Z430.
References
Agrawal, R., Bird, P., Grandison, T., Kiernan, J., Logan, S., Rjaibi, W.: Extending Relational Database Systems to Automatically Enforce Privacy Policies. In: Proceedings of 21st International Conference on Data Engineering (ICDE), pp. 1013–1023 (2005)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: Bressan, S., Chaudhri, A.B., Lee, M.L., Yu, J.X., Lacroix, Z. (eds.) CAiSE 2002 and VLDB 2002. LNCS, vol. 2590, pp. 563–574. Springer, Heidelberg (2003)
Elisa, B.: Purpose Based Access Control for Privacy Protection in Database Systems. In: Zhou, L.-z., Ooi, B.-C., Meng, X. (eds.) DASFAA 2005. LNCS, vol. 3453, Springer, Heidelberg (2005)
Database Management System DM5, http://www.dameng.com
Damianou, N.: A Policy Framework for Management of Distributed Systems, Ph.D. thesis, Imperial College of Science, Technology and Medicine of London University (2002)
Santosh, D., Bernard, M., Ashish, S.: Database Access Control for E-Business – A case study. In: Proceedings of 11th International Conference on Management of Data COMAD, pp. 168–175 (2005)
Motro, A.: An access authorization model for relational databases based on algebraic manipulation of view definitions. In: Proceedings of International Conference on Data Engineering, pp. 339–347 (1989)
Shariq, R., Mendelzon Alberto, S., Prasan, R.: Extending Query Rewriting Techniques for Fine-Grained Access Control. In: Proceedings of SIGMOD Conference, pp. 551–562 (2004)
Stonebraker, M., Wong, E.: Access control in a relational database management system by query modification. In: Proceedings of the ACM Annual Conference, pp. 180–186 (1974)
Transaction Processing Performance Council (TPC), TPC BENCHMARK™ W (Web Commerce) Specification Version 1.8, http://www.tpc.org
The Virtual Private Database in Oracle9ir2: An Oracle Technical White Paper, http://otn.oracle.com/deploy/security/oracle9ir2/pdf/vpd9ir2twp.pdf
Hong, Z., Xin, F., Hui, L.Q., Kevin, L.: The Design and Implementation of a Performance Evaluation Tool with TPC-W Benchmark. Journal of Computing and Information Technology-CIT 14(2), 149–160 (2006)
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhu, H., Lü, K. (2007). Fine-Grained Access Control for Database Management Systems. In: Cooper, R., Kennedy, J. (eds) Data Management. Data, Data Everywhere. BNCOD 2007. Lecture Notes in Computer Science, vol 4587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73390-4_24
DOI: https://doi.org/10.1007/978-3-540-73390-4_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73389-8
Online ISBN: 978-3-540-73390-4
eBook Packages: Computer Science, Computer Science (R0)