Abstract
Several access control models for database management systems (DBMS) consider only how to manage select queries and assume that a similar mechanism would apply to update queries. However, they do not take into account that updating data may disclose other sensitive data whose access would be forbidden through select queries. This is typically the case for current relational DBMSs managed through SQL, which are wrongly specified and lead to inconsistency between select and update queries. In this paper, we show how to solve this problem in the case of SPARQL queries. We present an approach based on rewriting SPARQL/Update queries. It involves two steps. The first one satisfies the update constraints. The second one handles consistency between select and update operators. Query rewriting is done by adding positive and negative filters (corresponding respectively to permissions and prohibitions) to the initial query.
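The filter-injection idea in the last sentence of the abstract, as an added illustration that is not the paper's algorithm or the authors' code. The policy representation (lists of SPARQL boolean expressions), the closed-policy default, the function names and the sample query are all assumptions made for this sketch.

```python
import re

def where_close_index(query: str) -> int:
    """Index of the '}' that closes the first WHERE { ... } group."""
    m = re.search(r"\bWHERE\s*\{", query, re.IGNORECASE)
    if m is None:
        raise ValueError("update has no WHERE clause to constrain")
    depth, quote, i = 1, None, m.end()
    while i < len(query):
        ch = query[i]
        if quote:                      # inside a string literal
            if ch == "\\":
                i += 1                 # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return i
        i += 1
    raise ValueError("unbalanced braces in WHERE clause")

def rewrite_update(query, permissions, prohibitions):
    """Append one positive FILTER (any permission) and one negative FILTER
    per prohibition to the WHERE group that selects the triples to update."""
    if not permissions:                # assumed closed policy: deny by default
        raise PermissionError("no permission covers this update")
    end = where_close_index(query)
    filters = ["FILTER (" + " || ".join(f"({p})" for p in permissions) + ")"]
    filters += [f"FILTER (!({n}))" for n in prohibitions]
    return query[:end] + "\n  " + "\n  ".join(filters) + "\n" + query[end:]

# Constructed sample update; the ex: vocabulary is hypothetical.
SAMPLE = """PREFIX ex: <http://example.org/>
DELETE { ?p ex:salary ?s }
INSERT { ?p ex:salary 0 }
WHERE  { ?p ex:dept ?d ; ex:salary ?s . FILTER (?s > 100000) }"""

if __name__ == "__main__":
    # Permission: sales records only. Prohibition: never the ex:ceo resource.
    print(rewrite_update(SAMPLE, ['?d = "sales"'], ['?p = ex:ceo']))
```

Because a SPARQL FILTER drops a solution when its expression evaluates to false or raises an error, both the positive and the negative filter fail closed on unbound variables.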
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Oulmakhzoune, S., Cuppens-Boulahia, N., Cuppens, F., Morucci, S. (2010). Rewriting of SPARQL/Update Queries for Securing Data Access. In: Soriano, M., Qing, S., López, J. (eds) Information and Communications Security. ICICS 2010. Lecture Notes in Computer Science, vol 6476. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17650-0_2
DOI: https://doi.org/10.1007/978-3-642-17650-0_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17649-4
Online ISBN: 978-3-642-17650-0
eBook Packages: Computer Science (R0)