
VIEW-less value-based security.


Abstract

This dissertation presents a new database security policy with broad business applicability, called Value Based Security (VBS). VBS rules create subsets of sensitive objects that depend only on the subject (user) and query type, using expressions that specify values of VBS attributes. The rules are independent of: (I) query language, object, complexity and order; (II) the DBMS; (III) domains of VBS attributes.

The main research question is how to enforce VBS rules effectively and efficiently for dynamic SQL queries--the mainstay of client-server and data warehouse applications.

Static, DBMS-dependent facilities such as views or rules can enforce VBS effectively for static SQL queries. However, they are infeasible for securing dynamic SQL queries due to: (1) high administrative complexity and coordination costs; (2) limited audit trail; (3) dependence on DBMS; (4) query scope and type restrictions; (5) inflexible design; (6) mandatory schema denormalization to support updates.

The dissertation presents new data-driven solutions that essentially reduce the research problem to one of dynamically intercepting and modifying a dynamic SQL query to enforce VBS rules. These techniques can create generalized 'dynamic views' for SQL query access.

The described field implementation enforces VBS policy for thousands of dynamic SQL SELECT queries in a client-server data warehouse of a Fortune 50 corporation. This confirms the following advantages for the new solution: (1) effective, consistent, efficient and transparent VBS enforcement; (2) simple, flexible, scalable, low cost, robust design; (3) constant, dynamic enforcement performance independent of query scope, type and VBS rule complexity; (4) secures SQL UPDATE queries without denormalization; (5) no hidden side effects, independent of DBMS and location; (6) easy, low cost administration; (7) effective security audit.

The main research contributions of this work are: (I) Formal specification of a new Value Based database security policy. (II) A new, comprehensive, effective solution to enforce VBS policy for dynamic SQL SELECT queries. (III) A new, general technique to create "dynamic views" by dynamically modifying SQL SELECT, UPDATE, INSERT and DELETE queries.