Files in this item

thesis.pdf (application/pdf, 881 kB)

Title: Reflective Database Access Control
Author(s): Olson, Lars E.
Director of Research: Gunter, Carl A.
Doctoral Committee Chair(s): Gunter, Carl A.; Winslett, Marianne
Doctoral Committee Member(s): Parthasarathy, Madhusudan; Cook, William R.
Department / Program: Computer Science
Discipline: Computer Science
Degree Granting Institution: University of Illinois at Urbana-Champaign
Subject(s): Access Control; Database Systems; Formal Security Analysis
Abstract: Reflective Database Access Control (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege contained in an access control list. RDBAC aids the management of database access controls by improving the expressiveness of policies. However, such policies introduce new interactions between data managed by different users, and can lead to unexpected results if not carefully written and analyzed. We propose the use of Transaction Datalog syntax and semantics as a formal framework for expressing reflective access control policies. Using a formal logic-based language provides a basis for analyzing policies and enables secure implementations that can guarantee that certain configurations built on these policies cannot be subverted. We demonstrate this by defining two classes of policy configurations, and proving that under any set of such policies, a decidable algorithm can determine whether or not access to a sensitive data item can ever be leaked to an unprivileged user. Although the Transaction Datalog language provides a powerful syntax and semantics for expressing RDBAC policies, there is no efficient implementation of this language for practical database systems. We demonstrate a strategy for compiling policies into standard SQL views that enforce the policies, including overcoming significant differences in semantics between the languages in handling side-effects and evaluation order. We also report the results of evaluating the performance of these views compared to policies enforced by traditional access control lists, using a common off-the-shelf relational database management system. We also present two case studies for systems that can be protected using RDBAC security policies. These case studies demonstrate the flexibility of the system by implementing a wide range of functionality, as well as the practicality and scalability of using such a system in real-world applications that require non-trivial policy definitions on large data sets. This work establishes the theoretical soundness of using RDBAC as a basis for access control. It describes an efficient translation process for executing a useful subset of RDBAC rules in standard SQL, thereby demonstrating its practical feasibility using existing software. We show how RDBAC can be applied to realistic applications. These results suggest a rich field of further research.
Issue Date: 2009-10-01
Genre: Dissertation / Thesis
Publication Status: unpublished
Peer Reviewed: not peer reviewed
Sponsor: NSF CNS 07-16626
NSF CNS 07-16421
NSF CNS 05-24695
ONR N00014-08-1-0248
NSF CNS 05-24516
DHS 2006-CS-001-000001
MacArthur Foundation
Boeing Corporation
Rights Information: Copyright 2009 by Lars E. Olson. All rights reserved.
Date Available in IDEALS: 2009-10-01