Access control in very loosely structured data model using relational databases

被引：0

作者：

Pan, Ying ^{[1
,2
]}

Tang, Yong ^{[3
]}

Liu, Hai ^{[3
]}

机构：

[1] Department of Computer Science, Sun Yat-Sen University, Guangzhou

[2] College of Computer and Information Engineering, Guangxi Teachers Education University, Nanning

[3] School of Computer Science, South China Normal University, Guangzhou

来源：

Tien Tzu Hsueh Pao/Acta Electronica Sinica | 2012年 / 40卷 / 03期

关键词：

Access control; Dataspace; Loosely structured; Relational databases;

D O I：

10.3969/j.issn.0372-2112.2012.03.032

中图分类号：

学科分类号：

摘要：

This paper proposes a framework to efficiently support dynamic, fine-grained access control for the very loosely structured data model, named GLSDM (General very Loosely-Structured Data Model), which is presented based on the current dataspace data models. In the framework, GLSDM is mapped into and stored in relational databases, and then the fine-grained access control in GLSDM is converted into the corresponding fine-grained security (e. g., row-level and cell-level security) in relational databases. A query rewriting algorithm is also given to dynamically imbed GLSDM security information into SQL statements the user issues, thus, dynamic access control is realized during the period of query processing. Finally, the validity of the framework is proved by theory and experiment, that is, the GLSDM-to-relational mapping method and query rewriting algorithm in this paper can ensure the access control in GLSDM is equivalent to that in relational databases.

引用

页码：600 / 606

页数：6

共 16 条

[1] Franklin M., Halevy A., Maier D., From databases to dataspaces: A new abstraction for information management, ACM SIGMOD Record, 34, 4, pp. 27-33, (2005)
[2] Halevy A., Franklin M., Maier D., Principles of dataspace systems, Proceedings of 25th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, pp. 1-9, (2006)
[3] Jin L., Zhang Y., Ye X., An extensible data model with security support for dataspace management, Proceedings of 10th IEEE International Conference on High Performance Computing and Communications, pp. 556-563, (2008)
[4] Dittrich J.P., Salles M.A., iDM a unified and versatile data model for personal dataspace management, Proceedings of the 32nd International Conference on Very Large Data Bases, pp. 367-378, (2006)
[5] Lee D., Lee W.C., Liu P., Supporting XML security models using relational databases: A vision, Proceedings of Xsym (XML Database Symposium), pp. 267-281, (2003)
[6] Luo B., Lee D., Liu P., Pragmatic XML access control using off-the-shelf RDBMS, Proceedings of ESORICS (European Symposium On Research In Computer Security), pp. 55-71, (2007)
[7] Koromilas L., Chinis G., Fundulaki I., Et al., Controlling access to XML documents over XML native and relational databases, Proceedings of Secure Data Management, pp. 122-141, (2009)
[8] Lefevre K., Agrawal R., Ercegovac V., Et al., Limiting disclosure in hippocratic databases, Proceedings of the Thirtieth International Conference on Very Large Data Bases, pp. 108-119, (2004)
[9] Chaudhuri S., Dutta T., Sudarshan S., Fine grained authorization through predicated grants, Proceedings of IEEE 23rd International Conference on Data Engineering, pp. 1174-1183, (2007)
[10] Barker S., Dynamic meta-level access control in SQL, Proceedings of 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, pp. 1-16, (2008)

← 1 2 →