Authorization Policies for Materialized Views
نویسندگان
چکیده
In this paper, we propose a novel approach to facilitate the administration of access control policies to ensure the confidentiality of data at the level of materialized views. A materialized view stores both the definition of the view and the rows resulting from the execution of the view. Several techniques and models have been proposed to control access to databases, but to our knowledge the problem of automatically generating from access control policies defined over base relations the access control policies that are needed to control materialized views is not investigated so far. We are dealing with this problem by resorting to an adaptation of query rewriting techniques. We choose to express fine-grained access control through authorization views.
منابع مشابه
Authorization Views and Conditional Query Containment
A recent proposal for database access control consists of defining “authorization views” that specify the accessible data, and declaring a query valid if it can be completely rewritten using the views. Unlike traditional work in query rewriting using views, the rewritten query needs to be equivalent to the original query only over the set of database states that agree with a given set of materi...
متن کاملThe Starburst Rule System: Language Design, Implementation, and Applications
This short paper provides an overview of the Starburst Rule System, a production rules facility integrated into the Starburst extensible database system. The rule language is based on arbitrary database state transitions rather than tupleor statement-level changes, yielding a clear and exible execution semantics. The rule system was implemented rapidly using the extensibility features of Starbu...
متن کاملExpressing Privacy Policies Using Authorization Views
In this paper, we design a rule-based privacy policy for the RFID Ecosystem, an RFID-based ubiquitous computing system. We start from the physical access control (PAC) rule (Kriplean et al., IEEE Pervasive Computing 2007) that provides a default level of privacy but constrains the possible set of applications. We extend it by using principled ways of defining other access control rules that ret...
متن کاملDetecting Redundancy in Data Warehouse Evolution
A Data Warehouse (DW) can be abstractly seen as a set of materialized views de ned over a set of remote data sources. A DW is intended to satisfy a set of queries. The views materialized in a DW relate to each other in a complex manner, through common subexpressions, in order to guarantee high query performance and low view maintenance cost. DWs are time varying. As time passes new materialized...
متن کاملAuthorization models for secure information sharing: a survey and research agenda
This article presents a survey of authorization models and considers their 'fitness-for-purpose' in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerg...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012