We present a simple, yet powerful, approach for the specification and enforcement of authorizations regulating data release among data holders collaborating in a distributed computation, to ensure that query processing discloses only data whose release has been explicitly authorized. Data disclosure is captured by means of profiles, associated with each data computation, that describe the information carried by a base or a derived (i.e., computed by a query) relation. We present an algorithm that, given a query plan, determines whether it can be safely executed and produces a safe execution strategy for it. For each operation in a safe query plan, the algorithm determines the server(s) responsible for the execution, based on the entailed information flows, considering different strategies for the execution of joins. Finally, we discuss the architecture of a distributed database system based on the proposed model, illustrating possible design choices and their impact.
Authorization enforcement in distributed query evaluation / S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati. - In: JOURNAL OF COMPUTER SECURITY. - ISSN 0926-227X. - 19:4(2011), pp. 751-794.
|Titolo:||Authorization enforcement in distributed query evaluation|
FORESTI, SARA (Secondo)
SAMARATI, PIERANGELA (Ultimo)
|Parole Chiave:||Distributed query evaluation; authorized views; safe query planning|
|Settore Scientifico Disciplinare:||Settore INF/01 - Informatica|
|Data di pubblicazione:||2011|
|Digital Object Identifier (DOI):||http://dx.doi.org/10.3233/JCS-2010-0413|
|Appare nelle tipologie:||01 - Articolo su periodico|