Author
Qihua Wang, Ting Yu, Ninghui Li, Jorge Lobo, Elisa Bertino, Keith Irwin, Ji-Won Byun
Abstract
Databases are increasingly being used to store information
covered by heterogeneous policies, which require support
for access control with great flexibility. It has been well
recognized that traditional database-level or table-level access
control is insufficient to meet this requirement. This
has led to increased interest in using fine-grained access
control, which may be extended down to such levels where
different cells in a relation may be governed by different access
control rules. Though several works have been done to
support fine-grained access control, there is no formal notion
of correctness with regards to the results of queries to
such databases. In this paper, we describe a formal notion
of correctness in fine-grained database access control, and
discuss why existing approaches fall short in at least some
circumstances. We then propose a query evaluation algorithm
which better supports fine-grained access control.