Observation-based Fine Grained Access Control for Relational Databases

Fine Grained Access Control (FGAC) provides users the access to the non-confidential database information while preventing unauthorized leakage of the confidential data. It provides two extreme views to the database information: completely public or completely hidden. In this paper, we propose an Observation-based Fine Grained Access Control (OFGAC) mechanism based on the Abstract Interpretation framework where data are made accessible at various level of abstraction. In this setting, unauthorized users are not able to infer the exact content of a cell containing confidential information, while they are allowed to get partial information out of it, according to their access rights. Different level of sensitivity of the information correspond to different level of abstraction. In this way, we can tune different parts of the same database content according to different level of abstraction at the same time. The traditional FGAC can be seen as a special case of the OFGAC framework.