Assessing query privileges via safe and efficient permission composition / S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati - In: CCS '08 : proceedings / [edited by] P. Syverson. - New York : ACM, 2008. - ISBN 9781595938107. - pp. 311-321 (Paper presented at the 15th CCS conference, held in Alexandria in 2008).

Assessing query privileges via safe and efficient permission composition

S. De Capitani di Vimercati (first author); S. Foresti (second author); P. Samarati (last author)
2008

Abstract

We propose an approach for the selective enforcement of access control restrictions in, possibly distributed, large data collections based on two basic concepts: i) flexible authorizations identify, in a declarative way, the data that can be released, and ii) queries are checked for execution not with respect to individual authorizations but rather evaluating whether the information release they (directly or indirectly) entail is allowed by the authorizations. Our solution is based on the definition of query profiles capturing the information content of a query and builds on a graph-based modeling of database schema, authorizations, and queries. Access control is then effectively modeled and efficiently executed in terms of graph coloring and composition and on traversal of graph paths. We then provide a polynomial composition algorithm for determining if a query is authorized.
Access control; authorization composition
Sector INF/01 - Computer Science
Book Part (author)

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/48723
Citations
  • PMC: ND
  • Scopus: 16
  • ISI: 5