Nicholas L. Farnan, Adam J. Lee, Panos K. Chrysanthis, Ting Yu
{"title":"通过偏好感知查询优化实现内向性访问控制","authors":"Nicholas L. Farnan, Adam J. Lee, Panos K. Chrysanthis, Ting Yu","doi":"10.1145/2462410.2462428","DOIUrl":null,"url":null,"abstract":"Although the declarative nature of SQL provides great utility to database users, its use in distributed database management systems can result in unintended consequences to user privacy over the course of query evaluation. By allowing users to merely say what data they are interested in accessing without providing guidance regarding how to retrieve it, query optimizers can generate plans that leak sensitive query intension. To address these types of issues, we have created a framework that empowers users with the ability to specify access controls on the intension of their queries through extensions to the SQL SELECT statement. In this demonstration, we present a version of PostgreSQL's query optimizer that we have modified to produce plans that respect these constraints while optimizing user-specified SQL queries in terms of performance.","PeriodicalId":74509,"journal":{"name":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","volume":"38 1","pages":"189-192"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Enabling intensional access control via preference-aware query optimization\",\"authors\":\"Nicholas L. Farnan, Adam J. Lee, Panos K. Chrysanthis, Ting Yu\",\"doi\":\"10.1145/2462410.2462428\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Although the declarative nature of SQL provides great utility to database users, its use in distributed database management systems can result in unintended consequences to user privacy over the course of query evaluation. By allowing users to merely say what data they are interested in accessing without providing guidance regarding how to retrieve it, query optimizers can generate plans that leak sensitive query intension. To address these types of issues, we have created a framework that empowers users with the ability to specify access controls on the intension of their queries through extensions to the SQL SELECT statement. In this demonstration, we present a version of PostgreSQL's query optimizer that we have modified to produce plans that respect these constraints while optimizing user-specified SQL queries in terms of performance.\",\"PeriodicalId\":74509,\"journal\":{\"name\":\"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies\",\"volume\":\"38 1\",\"pages\":\"189-192\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-06-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2462410.2462428\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the ... ACM symposium on access control models and technologies. ACM Symposium on Access Control Models and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2462410.2462428","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Enabling intensional access control via preference-aware query optimization
Although the declarative nature of SQL provides great utility to database users, its use in distributed database management systems can result in unintended consequences to user privacy over the course of query evaluation. By allowing users to merely say what data they are interested in accessing without providing guidance regarding how to retrieve it, query optimizers can generate plans that leak sensitive query intension. To address these types of issues, we have created a framework that empowers users with the ability to specify access controls on the intension of their queries through extensions to the SQL SELECT statement. In this demonstration, we present a version of PostgreSQL's query optimizer that we have modified to produce plans that respect these constraints while optimizing user-specified SQL queries in terms of performance.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
