Abstract
Current-day network applications require much more secure data storages than anticipated before. With millions of anonymous users using same networking applications, security of data behind the applications have become a major concern of database developers and security experts. In most security incidents, the databases attached to the applications are targeted, and attacks have been made. Most of these applications require allowing data manipulation at several granular levels to the users accessing the applications—not just table and view level, but tuple level. A database that supports fine-grained access control restricts the rows a user sees, based on his/her credentials. Generally, this restriction is enforced by a query modification mechanism automatically done at the database. This feature enables per-user data access within a single database, with the assurance of physical data separation. It is enabled by associating one or more security policies with tables, views, table columns, and table rows. Such a model is ideal for minimizing the complexity of the security enforcements in databases based on network applications. With fine-grained access controls, one can create fast, scalable, and secure network applications. Each application can be written to find the correct balance between performance and security, so that each data transaction is performed as quickly and safely as possible. Today, the database vendors like Oracle 10g, and IBM DB2 provides commercial implementations of fine-grained access control methods, such as filtering rows, masking columns selectively based on the policy, and applying the policy only when certain columns are accessed. The behavior of the fine-grained access control model can also be increased through the use of multiple types of policies based on the nature of the application, making the feature applicable to multiple situations. Meanwhile, Microsoft SQL Server2005 has also come up with emerging features to control the access to databases using fine-grained access controls. Fine-grained access control does not cover all the security issues related to Internet databases, but when implemented, it supports building secure databases rapidly and bringing down the complexity of security management issues.
TopBackground
Modern database applications with large numbers of users require fine-grained access control (FGAC) mechanisms at the level of individual tuples, not just entire relations/views, to control which parts of the data can be accessed by each user. Consider the following scenario:
In a commercial organization’s human resources database, the human resources manager should have access to all the personal details of employees. At the same time, individual employees should only be able to see their particulars, not other employees’ information.
In the above case, authorization is required at a very fine-grained level, such as at the level of individual tuples. Similar scenarios exist in many environments, including finance, law, government, and military applications. Consumer privacy requirements are yet another emerging driver for finer control of data.
Currently, general data authorization mechanisms in relational databases permit access control at the level of complete tables or columns, or on views. There is no direct way to specify fine-grained authorization to control, which tuples can be accessed by users. In theory, FGAC, at the level of individual tuples, can be achieved by creating an access control list for each tuple. However, this approach is not scalable (Jain, 2004) and would be totally impractical in systems with millions of tuples and thousands or millions of users, since it would require millions of access control specifications to be provided (manually) by the administrator. It is also possible to create views for specific users, which allow those users access to only selected tuples of a table, but again, this approach is not scalable with large numbers of users.
Key Terms in this Chapter
Cell-Level Security (CLS): Allows restricted access to a particular cell, based on a security policy implemented in PL/SQL.
Virtual Private Database (VPD): Virtual Private Database is also known as Fine-Grained Access Control (FGAC). It allows defining, which rows users may access.
Oracle Grid: Oracle database running on group of low-cost servers connected by Oracle software.
Database Administrator (DBA): A person who is responsible for the environmental aspects, such as Recoverability, Integrity, Security, Availability, Performance, Development, and testing support.
Structured Query Language (SQL): It is a language for creating, modifying, and retrieving data from relational database management systems.
Granularity (of access control): The size of individual data items that can be authorized to users.
Application Context: Oracle VPD (see below) specific set of variables that hold database user information in order to create a Predicate (see below).
Predicate: Additional SQL statement(s) pasted after WHERE clause based on security policy.
Tuple: In a relational database, a tuple is one record (one row) which belongs to a table
Programming Language/SQL (PL/SQL): SQL language that has programming capabilities.
Row-Level Security (RLS): Allows restrict access to records, based on a security policy implemented in PL/SQL.