Explainable security for relational databases

Proceedings of the ACM SIGMOD International Conference on Management of Data

Volumn , Issue , 2014, Pages 1411-1422

  Bender, Gabriel ^a   Kot, Łucja ^a   Gehrke, Johannes ^a  

^a Department of Obstetrics Gynecology   (United States)

Author keywords

Access control; Database security; View rewriting

Indexed keywords

QUERY PROCESSING;

DATABASE SECURITY; DISCLOSURE CONTROL; FORMAL FOUNDATION; POLICY CONSTRAINTS; RELATIONAL DATABASE; SECURITY CREDENTIALS; SECURITY MECHANISM; VIEW REWRITING;

ACCESS CONTROL;

EID: 84904325927     PISSN: 07308078     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2588555.2593663     Document Type: Conference Paper

References (24)

1. https://github.com/JSQLParser/JSqlParser.
2. Android permissions. http://developer.android.com/guide/topics/security/ permissions.html.
3. Facebook query language. https://developers.facebook.com/docs/reference/ fql/.
4. Facebook query language (fql) reference. https://developers.facebook.com/ docs/reference/fql/.
5. Label-based access control (lbac) overview. http://publib.boulder.ibm. com/infocenter/db2luw/v9/index.jsp?topic=%2Fcom.ibm.db2.udb. admin.doc%2Fdoc%2Fc0021114.htm.
6. Virtual private database. http://www.oracle.com/technetwork/database/ security/index-088277.html.
7. Moritz Y Becker, Cédric Fournet, and Andrew D Gordon. Secpal: Design and semantics of a decentralized authorization language. CSF, 2006.
8. Gabriel M Bender, Lucja Kot, Johannes Gehrke, and Christoph Koch. Fine-grained disclosure control for app ecosystems. SIGMOD, 2013.
9. Piero Bonatti, Sabrina De Capitani di Vimercati, and Pierangela Samarati. An algebra for composing access control policies. TISSEC, 2002.
10. Alexander Brodsky, Csilla Farkas, and Sushil Jajodia. Secure databases: Constraints, inference channels, and monitoring disclosures. TKDE, 12(6):900-919, 2000.
11. Ashok K Chandra and Philip M Merlin. Optimal implementation of conjunctive queries in relational data bases. STOC, 1977.
12. Surajit Chaudhuri, Tanmoy Dutta, and S Sudarshan. Fine grained authorization through predicated grants. ICDE, 2007.
13. Surajit Chaudhuri and Moshe Y Vardi. Optimization of real conjunctive queries. SIGMOD, 1993.
14. Sara Cohen. Equivalence of queries that are sensitive to multiplicities. VLDB, 2009.
15. Cynthia Dwork. Differential privacy. In Automata, languages and programming, pages 1-12. Springer, 2006.
16. Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, and David Wagner. Android permissions demystified. CCS, 2011.
17. Paraschos Koutris, Prasang Upadhyaya, Magdalena Balazinska, Bill Howe, and Dan Suciu. Query-based data pricing. PODS, 2012.
18. Jaisook Landauer and Timothy Redmond. A lattice of information. CSFW, 1993.
19. Alan Nash, Luc Segoufin, and Victor Vianu. Views and queries: Determinacy and rewriting. TODS, 2010.
20. Lars E Olson, Carl A Gunter, and P Madhusudan. A formal framework for reective database access control policies. CCS, 2008.
21. Raghu Ramakrishnan and Johannes Gehrke. Database Management Systems. McGraw-Hill, Inc., New York, NY, USA, 3 edition, 2003.
22. Shariq Rizvi, Alberto Mendelzon, Sundararajarao Sudarshan, and Prasan Roy. Extending query rewriting techniques for fine-grained access control. SIGMOD, 2004.
23. Jerome H Saltzer and Michael D Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278-1308, 1975.
24. Fred B Schneider, Kevin Walsh, and Emin Gün Sirer. Nexus authorization logic (nal): Design rationale and applications. TISSEC, 14(1), 2011.