Research field: Databases
Venue: SN Computer Science
In this paper, we propose a novel, model-driven approach for enforcing fine-grained access control (FGAC) policies when executing SQL queries. More concretely, we define a function that, given an FGAC policy and an SQL select-statement q, generates an SQL stored-procedure Sec-Query , such that: if a user u is authorized, according to , to execute q, then calling returns the same result as when u executes q; otherwise, if the user u is not authorized, according to , to execute q, then calling signals an error. The stored-procedure implements the appropriate FGAC authorization-checks for executing the query q, according to the policy . As expected, the execution of the query q takes less time than calling the stored-procedure . Moreover, evaluating the (sub)-queries corresponding to authorization-checks will take (more or less) time, depending on the “complexity” of the underlying policies. To illustrate this performance-issue, we have included in this paper some experimental results regarding the performance overhead incurred by executing the (secured) stored-procedure corresponding to (unsecured) queries. Finally, we have implemented our model-driven approach for enforcing FGAC policies for SQL queries in an open-source project, called SQL Security Injector (SQLSI).
| Publication year | 2021 |
|---|---|
| Citations | 3 |
| Country of publication | Vietnam |
| Site | Springer |