A Model-Driven Approach for Enforcing Fine-Grained Access Control for SQL Queries

摘要

In this paper we propose a novel, model-driven approach for enforcing fine-grained access control (FGAC) policies when executing SQL queries. More concretely, we define a function SecQuery() that, given a FGAC policy S and a SQL select-statement q, generates a SQL stored-procedure, such that: if a user is authorized, according to S, to execute q, then calling this stored-procedure returns the same result that executing q; otherwise, if a user is not authorized, according to S, to execute q, then calling this stored-procedure signals an error. We have implemented our approach in an open-source project, called SQL Security Injector (SQLSI).