A Role-Based Access Control Schema for Materialized Views
Total Page:16
File Type:pdf, Size:1020Kb
University of Windsor Scholarship at UWindsor Electronic Theses and Dissertations Theses, Dissertations, and Major Papers 2013 A role-based access control schema for materialized views Hassaan Yousafi University of Windsor Follow this and additional works at: https://scholar.uwindsor.ca/etd Recommended Citation Yousafi, Hassaan, A" role-based access control schema for materialized views" (2013). Electronic Theses and Dissertations. 4895. https://scholar.uwindsor.ca/etd/4895 This online database contains the full-text of PhD dissertations and Masters’ theses of University of Windsor students from 1954 forward. These documents are made available for personal study and research purposes only, in accordance with the Canadian Copyright Act and the Creative Commons license—CC BY-NC-ND (Attribution, Non-Commercial, No Derivative Works). Under this license, works must always be attributed to the copyright holder (original author), cannot be used for any commercial purposes, and may not be altered. Any other use would require the permission of the copyright holder. Students may inquire about withdrawing their dissertation and/or thesis from this database. For additional inquiries, please contact the repository administrator via email ([email protected]) or by telephone at 519-253-3000ext. 3208. A ROLE-BASED ACCESS CONTROL SCHEMA FOR MATERIALIZED VIEWS By Hassaan Yousafi A Thesis Submitted to the Faculty of Graduate Studies Through the School of Computer Science in Partial Fulfillment of the Requirements for the Degree of Master of Science at the University of Windsor Windsor, Ontario, Canada 2013 © 2013 Hassaan Yousafi Library and Archives Bibliothèque et Canada Archives Canada Published Heritage Direction du Branch Patrimoine de l'édition 395 Wellington Street 395, rue Wellington Ottawa ON K1A 0N4 Ottawa ON K1A 0N4 Canada Canada Your file Votre référence ISBN: 978-0-494-87144-7 Our file Notre référence ISBN: 978-0-494-87144-7 NOTICE: AVIS: The author has granted a non- L'auteur a accordé une licence non exclusive exclusive license allowing Library and permettant à la Bibliothèque et Archives Archives Canada to reproduce, Canada de reproduire, publier, archiver, publish, archive, preserve, conserve, sauvegarder, conserver, transmettre au public communicate to the public by par télécommunication ou par l'Internet, prêter, telecommunication or on the Internet, distribuer et vendre des thèses partout dans le loan, distrbute and sell theses monde, à des fins commerciales ou autres, sur worldwide, for commercial or non- support microforme, papier, électronique et/ou commercial purposes, in microform, autres formats. paper, electronic and/or any other formats. The author retains copyright L'auteur conserve la propriété du droit d'auteur ownership and moral rights in this et des droits moraux qui protege cette thèse. Ni thesis. Neither the thesis nor la thèse ni des extraits substantiels de celle-ci substantial extracts from it may be ne doivent être imprimés ou autrement printed or otherwise reproduced reproduits sans son autorisation. without the author's permission. In compliance with the Canadian Conformément à la loi canadienne sur la Privacy Act some supporting forms protection de la vie privée, quelques may have been removed from this formulaires secondaires ont été enlevés de thesis. cette thèse. While these forms may be included Bien que ces formulaires aient inclus dans in the document page count, their la pagination, il n'y aura aucun contenu removal does not represent any loss manquant. of content from the thesis. A ROLE-BASED ACCESS CONTROL SCHEMA FOR MATERIALIZED VIEWS by Hassaan Yousafi APPROVED BY: ______________________________________________ Kemal Tepe Department of Electrical Engineering ______________________________________________ Dan Wu School of Computer Science ______________________________________________ Robert D. Kent, Advisor School of Computer Science May 06, 2013 ii DECLARATION OF ORIGINALITY I hereby certify that I am the sole author of this thesis and that no part of this thesis has been published or submitted for publication. I certify that, to the best of my knowledge, my thesis does not infringe upon anyone’s copyright nor violate any proprietary rights and that any ideas, techniques, quotations, or any other material from the work of other people included in my thesis, published or otherwise, are fully acknowledged in accordance with the standard referencing practices. Furthermore, to the extent that I have included copyrighted material that surpasses the bounds of fair dealing within the meaning of the Canada Copyright Act, I certify that I have obtained a written permission from the copyright owner(s) to include such material(s) in my thesis and have included copies of such copyright clearances to my appendix. I declare that this is a true copy of my thesis, including any final revisions, as approved by my thesis committee and the Graduate Studies office, and that this thesis has not been submitted for a higher degree to any other University or Institution. iii ABSTRACT This thesis research presents a framework that enhances security at the level of materialized views. Materialized views can be used for performance reasons in very large systems such as data warehouses or distributed systems, or for providing a filtered selection of data from a more general database. Existing proposed techniques provide rule-based access control for materialized views, however, the administration of such systems is time consuming and cumbersome in a large environment. This thesis presents a role-based access control schema for materialized views in which data authorization rules are associated with roles and defined in Datalog syntax in plain text files, a column level restriction is imposed on a materialized view based on a user assigned role, and a role conflict strategy is defined in which priority is given to each conflicting role in order to resolve role conflicts if a user is gaining authorization for permissions associated with conflicting roles at the same time. KEYWORDS Materialized Views, Authorization Views, Session Roles, Role Conflicts iv DEDICATION To my parents, my sister Munnaza, and my loving wife Mariam v ACKNOWLEDGEMENTS I would like to thank all the people who have helped me during my thesis research. Special thanks to my supervisor Dr. Robert D. Kent for his immense support and guidance throughout my master’s degree. My sincere appreciation goes to my parents for their unconditional support, and also to my wife Mariam for her encouragement and support in all these years. I express my deep appreciation to my elder sister Munazza for standing by me during these years. I would also like to thank Dr. Dan Wu and Dr. Kamal Tepe for serving in my thesis committee. Lastly, I would like to thank all my colleagues in Computer Science department who helped me through their inputs to improve my thesis work. vi TABLE OF CONTENTS DECLARATION OF ORIGINALITY ....................................................................................... iii ABSTRACT ................................................................................................................................... iv DEDICATION ............................................................................................................................... v ACKNOWLEDGEMENTS ......................................................................................................... vi LIST OF TABLES ........................................................................................................................ ix LIST OF FIGURES ....................................................................................................................... x CHAPTER I ................................................................................................................................... 1 INTRODUCTION.......................................................................................................................... 1 1.1 - Data Access Control Methods ............................................................................................. 2 1.1.1 - Mandatory Access Control (MAC) .............................................................................. 2 1.1.2 - Discretionary Access Control (DAC) ........................................................................... 2 1.1.3 - Role-based Access Control (RBAC) ............................................................................ 3 1.2 - Materialized View ............................................................................................................... 6 1.3 - Authorization View ............................................................................................................. 9 1.4 - Query Rewriting ................................................................................................................ 11 1.5 - Problem Statement ............................................................................................................. 12 1.6 - Thesis Contribution ........................................................................................................... 13 1.7 - Organization of thesis ........................................................................................................ 13 CHAPTER II ................................................................................................................................ 14 RELATED WORK .....................................................................................................................