A Database Level Implementation To Enforce Fine Grained Access Control

Show full item record

Title: A Database Level Implementation To Enforce Fine Grained Access Control
Author: Arjun, Vinod
Advisors: Dr. Ting Yu, Committee Chair
Dr. Peng Ning, Committee Member
Dr. Rada Chirkova, Committee Member
Abstract: As privacy protection has gained significant importance, organizations have been forced to protect individual preferences and comply with many enacted privacy laws. This has been a strong driving force for access control in relational databases. Traditional relation level access control is insufficient to address the increasingly complex requirements of access control policies where each cell in the relation might be governed by a separate policy. In order to address this demand, we are in need of a more fine grained access control scheme, at the row-level or even the cell-level. A recent research paper proposed correctness criteria for query evaluation algorithms enforcing fine grained access control and showed that existing approaches did not satisfy the criteria. In addition, the paper proposed a query modification approach to implement a sound and secure query evaluation algorithm enforcing fine grained access control. To evaluate queries involving moderate table sizes of 50000 and 100000 records we experimentally find that the implementation takes approximately 8 and 32 seconds respectively. This is approximately 10 times, on an average, slower than query evaluation algorithms without access control. This performance gap increases significantly with increase in table size, thus rendering it impractical. In this thesis, we modify the query evaluation engine of POSTGRESQL to enforce fine grained access control at the database level. We address a few challenges and propose optimizations to counter inefficiencies that we encounter when moving the access control scheme to the database level. We analyze the performance of our implementation using data sets with various properties and find that it performs approximately 10 times better compared to the query modification approach on moderate table sizes of 50000 and 100000 records. Also, we find that our implementation scales well with table size. Experimental results show that our implementation is comparable to the performance of query evaluation algorithms without access control and hence is practical.
Date: 2008-05-06
Degree: MS
Discipline: Computer Science
URI: http://www.lib.ncsu.edu/resolver/1840.16/910

Files in this item

Files Size Format View
etd.pdf 683.4Kb PDF View/Open

This item appears in the following Collection(s)

Show full item record