Source Information
Abstract
English
Current access control solutions in databases are based on tables and views. While the view access control approach is flexible, it does not scale when the number of users (and therefore necessary views) is large. Consequently, most applications are forced to perform access control enforcement in the application code instead of the database. This approach has numerous disadvantages. We present a novel approach for fine-grained access control in large databases. Our solution combines relational databases with trust management techniques. Trust management systems such as KeyNote and CPOL can be used to evaluate policy rules to determine whether a given query can be performed and which parts of the resulting data can be presented to the user. We present the design and implementation of our system as well as a set of performance experiments based on the MySQL database and the CPOL policy evaluation engine.
Table of Contents
1. Introduction
2. Related Works
3. Policy
3.1. Trust Management
3.2. CPOL
3.3. Access Control Model
3.4. Example Application and Policies
4. Design and Implementation
4.1. Security Assumptions
4.2. Design and Implementation
4.3. Example Scenario
4.4. Privacy Leaks
5. Experiments
5.1. Experiment Setup
5.2. Experiment Results
6. Conclusion and Future Work
6.1. Privacy Leaks
References