Sieve: A Middleware Approach to Scalable Access Control for Database Management Systems

dc.contributor.authorPappachan, Primal
dc.contributor.authorYus, Roberto
dc.contributor.authorMehrotra, Sharad
dc.contributor.authorFreytag, Johann-Christoph
dc.date.accessioned2022-06-07T20:50:42Z
dc.date.available2022-06-07T20:50:42Z
dc.date.issued2020-09-14
dc.description.abstractCurrent approaches for enforcing Fine Grained Access Control (FGAC) in DBMS do not scale to scenarios when the number of access control policies are in the order of thousands. This paper identifies such a use case in the context of emerging smart spaces wherein systems may be required by legislation, such as Europe's GDPR and California's CCPA, to empower users to specify who may have access to their data and for what purposes. We present Sieve, a layered approach of implementing FGAC in existing DBMSs, that exploits a variety of their features (e.g., UDFs, index usage hints, query explain) to scale to a large number of policies. Given a query, Sieve exploits its context to filter the policies that need to be checked. It also generates guarded expressions that save on evaluation cost by grouping policies and exploit database indices to cut on read cost. Our experimental results demonstrate that existing DBMSs can utilize Sieve to significantly reduce query-time policy evaluation cost. Using Sieve DBMSs can support real-time access control in applications such as emerging smart environments.en_US
dc.description.sponsorshipThis material is based on research sponsored by DARPA under agreement number FA8750-16-2-0021. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes not withstanding any copyright notation there on. The views and conclusions contained here in are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA or the U.S. Government. This work is partially supported by the NSF grants 2032525, 1545071, and 1527536. Our thanks to the members of TIPPERS research group for discussions and feedback. We would also like to thank the reviewers to their detailed comments.en_US
dc.description.urihttps://dl.acm.org/doi/10.14778/3407790.3407835en_US
dc.description.urihttps://robertoyus.com/publication/vldb-2020/
dc.format.extent14 pagesen_US
dc.genrejournal articlesen_US
dc.identifierdoi:10.13016/m2vwzm-87on
dc.identifier.citationPrimal Pappachan, Roberto Yus, Sharad Mehrotra, and Johann-Christoph Freytag. 2020. Sieve: a middleware approach to scalable access control for database management systems. Proc. VLDB Endow. 13, 12 (August 2020), 2424–2437. DOI:https://doi.org/10.14778/3407790.3407835en_US
dc.identifier.urihttps://doi.org/10.14778/3407790.3407835
dc.identifier.urihttp://hdl.handle.net/11603/24843
dc.language.isoen_USen_US
dc.publisherACMen_US
dc.relation.isAvailableAtThe University of Maryland, Baltimore County (UMBC)
dc.relation.ispartofUMBC Computer Science and Electrical Engineering Department Collection
dc.rightsThis item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.en_US
dc.rightsAttribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)*
dc.rights.urihttps://creativecommons.org/licenses/by-nc-nd/4.0/*
dc.titleSieve: A Middleware Approach to Scalable Access Control for Database Management Systemsen_US
dc.typeTexten_US
dcterms.creatorhttps://orcid.org/0000-0002-9311-954Xen_US

Files

Original bundle

Now showing 1 - 2 of 2
Loading...
Thumbnail Image
Name:
3407790.3407835.pdf
Size:
666.44 KB
Format:
Adobe Portable Document Format
Description:
Main Article
Loading...
Thumbnail Image
Name:
Sieve_ A Middleware Approach to Scalable Access Control for Database Management Systems _ Roberto Yus.pdf
Size:
202.02 KB
Format:
Adobe Portable Document Format
Description:
Project_Page

License bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
2.56 KB
Format:
Item-specific license agreed upon to submission
Description: