Kabra, Govind ; Ramamurthy, Ravishankar ; Sudarshan, S. (2006) Redundancy and information leakage in fine-grained access control In: 2006 ACM SIGMOD international conference on Management of data.
Full text not available from this repository.
Official URL: http://doi.org/10.1145/1142473.1142489
Related URL: http://dx.doi.org/10.1145/1142473.1142489
Abstract
The current SQL standard for access control is coarse grained, in that it grants access to all rows of a table or none. Fine-grained access control, which allows control of access at the granularity of individual rows, and to specific columns within those rows, is required in practically all database applications. There are several models for fine grained access control, but the majority of them follow a view replacement strategy. There are two significant problems with most implementations of the view replacement model, namely (a) the unnecessary overhead of the access control predicates when they are redundant and (b) the potential of information leakage through channels such as user-defined functions, and operations that cause exceptions and error messages. We first propose techniques for redundancy removal. We then define when a query plan is safe with respect to UDFs and other unsafe functions, and propose techniques to generate safe query plans. We have prototyped redundancy removal and safe UDF pushdown on the Microsoft SQL Server query optimizer, and present a preliminary performance study.
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Source: | Copyright of this article belongs to Association for Computing Machiner |
ID Code: | 128497 |
Deposited On: | 25 Oct 2022 05:00 |
Last Modified: | 15 Nov 2022 10:22 |
Repository Staff Only: item control page