A Role-Based Access Control Schema for Materialized Views

Total Page:16

File Type:pdf, Size:1020Kb

A Role-Based Access Control Schema for Materialized Views University of Windsor Scholarship at UWindsor Electronic Theses and Dissertations Theses, Dissertations, and Major Papers 2013 A role-based access control schema for materialized views Hassaan Yousafi University of Windsor Follow this and additional works at: https://scholar.uwindsor.ca/etd Recommended Citation Yousafi, Hassaan, A" role-based access control schema for materialized views" (2013). Electronic Theses and Dissertations. 4895. https://scholar.uwindsor.ca/etd/4895 This online database contains the full-text of PhD dissertations and Masters’ theses of University of Windsor students from 1954 forward. These documents are made available for personal study and research purposes only, in accordance with the Canadian Copyright Act and the Creative Commons license—CC BY-NC-ND (Attribution, Non-Commercial, No Derivative Works). Under this license, works must always be attributed to the copyright holder (original author), cannot be used for any commercial purposes, and may not be altered. Any other use would require the permission of the copyright holder. Students may inquire about withdrawing their dissertation and/or thesis from this database. For additional inquiries, please contact the repository administrator via email ([email protected]) or by telephone at 519-253-3000ext. 3208. A ROLE-BASED ACCESS CONTROL SCHEMA FOR MATERIALIZED VIEWS By Hassaan Yousafi A Thesis Submitted to the Faculty of Graduate Studies Through the School of Computer Science in Partial Fulfillment of the Requirements for the Degree of Master of Science at the University of Windsor Windsor, Ontario, Canada 2013 © 2013 Hassaan Yousafi Library and Archives Bibliothèque et Canada Archives Canada Published Heritage Direction du Branch Patrimoine de l'édition 395 Wellington Street 395, rue Wellington Ottawa ON K1A 0N4 Ottawa ON K1A 0N4 Canada Canada Your file Votre référence ISBN: 978-0-494-87144-7 Our file Notre référence ISBN: 978-0-494-87144-7 NOTICE: AVIS: The author has granted a non- L'auteur a accordé une licence non exclusive exclusive license allowing Library and permettant à la Bibliothèque et Archives Archives Canada to reproduce, Canada de reproduire, publier, archiver, publish, archive, preserve, conserve, sauvegarder, conserver, transmettre au public communicate to the public by par télécommunication ou par l'Internet, prêter, telecommunication or on the Internet, distribuer et vendre des thèses partout dans le loan, distrbute and sell theses monde, à des fins commerciales ou autres, sur worldwide, for commercial or non- support microforme, papier, électronique et/ou commercial purposes, in microform, autres formats. paper, electronic and/or any other formats. The author retains copyright L'auteur conserve la propriété du droit d'auteur ownership and moral rights in this et des droits moraux qui protege cette thèse. Ni thesis. Neither the thesis nor la thèse ni des extraits substantiels de celle-ci substantial extracts from it may be ne doivent être imprimés ou autrement printed or otherwise reproduced reproduits sans son autorisation. without the author's permission. In compliance with the Canadian Conformément à la loi canadienne sur la Privacy Act some supporting forms protection de la vie privée, quelques may have been removed from this formulaires secondaires ont été enlevés de thesis. cette thèse. While these forms may be included Bien que ces formulaires aient inclus dans in the document page count, their la pagination, il n'y aura aucun contenu removal does not represent any loss manquant. of content from the thesis. A ROLE-BASED ACCESS CONTROL SCHEMA FOR MATERIALIZED VIEWS by Hassaan Yousafi APPROVED BY: ______________________________________________ Kemal Tepe Department of Electrical Engineering ______________________________________________ Dan Wu School of Computer Science ______________________________________________ Robert D. Kent, Advisor School of Computer Science May 06, 2013 ii DECLARATION OF ORIGINALITY I hereby certify that I am the sole author of this thesis and that no part of this thesis has been published or submitted for publication. I certify that, to the best of my knowledge, my thesis does not infringe upon anyone’s copyright nor violate any proprietary rights and that any ideas, techniques, quotations, or any other material from the work of other people included in my thesis, published or otherwise, are fully acknowledged in accordance with the standard referencing practices. Furthermore, to the extent that I have included copyrighted material that surpasses the bounds of fair dealing within the meaning of the Canada Copyright Act, I certify that I have obtained a written permission from the copyright owner(s) to include such material(s) in my thesis and have included copies of such copyright clearances to my appendix. I declare that this is a true copy of my thesis, including any final revisions, as approved by my thesis committee and the Graduate Studies office, and that this thesis has not been submitted for a higher degree to any other University or Institution. iii ABSTRACT This thesis research presents a framework that enhances security at the level of materialized views. Materialized views can be used for performance reasons in very large systems such as data warehouses or distributed systems, or for providing a filtered selection of data from a more general database. Existing proposed techniques provide rule-based access control for materialized views, however, the administration of such systems is time consuming and cumbersome in a large environment. This thesis presents a role-based access control schema for materialized views in which data authorization rules are associated with roles and defined in Datalog syntax in plain text files, a column level restriction is imposed on a materialized view based on a user assigned role, and a role conflict strategy is defined in which priority is given to each conflicting role in order to resolve role conflicts if a user is gaining authorization for permissions associated with conflicting roles at the same time. KEYWORDS Materialized Views, Authorization Views, Session Roles, Role Conflicts iv DEDICATION To my parents, my sister Munnaza, and my loving wife Mariam v ACKNOWLEDGEMENTS I would like to thank all the people who have helped me during my thesis research. Special thanks to my supervisor Dr. Robert D. Kent for his immense support and guidance throughout my master’s degree. My sincere appreciation goes to my parents for their unconditional support, and also to my wife Mariam for her encouragement and support in all these years. I express my deep appreciation to my elder sister Munazza for standing by me during these years. I would also like to thank Dr. Dan Wu and Dr. Kamal Tepe for serving in my thesis committee. Lastly, I would like to thank all my colleagues in Computer Science department who helped me through their inputs to improve my thesis work. vi TABLE OF CONTENTS DECLARATION OF ORIGINALITY ....................................................................................... iii ABSTRACT ................................................................................................................................... iv DEDICATION ............................................................................................................................... v ACKNOWLEDGEMENTS ......................................................................................................... vi LIST OF TABLES ........................................................................................................................ ix LIST OF FIGURES ....................................................................................................................... x CHAPTER I ................................................................................................................................... 1 INTRODUCTION.......................................................................................................................... 1 1.1 - Data Access Control Methods ............................................................................................. 2 1.1.1 - Mandatory Access Control (MAC) .............................................................................. 2 1.1.2 - Discretionary Access Control (DAC) ........................................................................... 2 1.1.3 - Role-based Access Control (RBAC) ............................................................................ 3 1.2 - Materialized View ............................................................................................................... 6 1.3 - Authorization View ............................................................................................................. 9 1.4 - Query Rewriting ................................................................................................................ 11 1.5 - Problem Statement ............................................................................................................. 12 1.6 - Thesis Contribution ........................................................................................................... 13 1.7 - Organization of thesis ........................................................................................................ 13 CHAPTER II ................................................................................................................................ 14 RELATED WORK .....................................................................................................................
Recommended publications
  • Relational Database Design Chapter 7
    Chapter 7: Relational Database Design Chapter 7: Relational Database Design First Normal Form Pitfalls in Relational Database Design Functional Dependencies Decomposition Boyce-Codd Normal Form Third Normal Form Multivalued Dependencies and Fourth Normal Form Overall Database Design Process Database System Concepts 7.2 ©Silberschatz, Korth and Sudarshan 1 First Normal Form Domain is atomic if its elements are considered to be indivisible units + Examples of non-atomic domains: Set of names, composite attributes Identification numbers like CS101 that can be broken up into parts A relational schema R is in first normal form if the domains of all attributes of R are atomic Non-atomic values complicate storage and encourage redundant (repeated) storage of data + E.g. Set of accounts stored with each customer, and set of owners stored with each account + We assume all relations are in first normal form (revisit this in Chapter 9 on Object Relational Databases) Database System Concepts 7.3 ©Silberschatz, Korth and Sudarshan First Normal Form (Contd.) Atomicity is actually a property of how the elements of the domain are used. + E.g. Strings would normally be considered indivisible + Suppose that students are given roll numbers which are strings of the form CS0012 or EE1127 + If the first two characters are extracted to find the department, the domain of roll numbers is not atomic. + Doing so is a bad idea: leads to encoding of information in application program rather than in the database. Database System Concepts 7.4 ©Silberschatz, Korth and Sudarshan 2 Pitfalls in Relational Database Design Relational database design requires that we find a “good” collection of relation schemas.
    [Show full text]
  • Comparing Approaches: Analytic Workspaces and Materialized Views
    Comparing Materialized Views and Analytic Workspaces in Oracle Database 11g An Oracle White Paper March 2008 Comparing Materialized Views and Analytic Workspaces in Oracle Database 11g Introduction ....................................................................................................... 3 Fast Reporting – Comparing The Approaches............................................. 3 Overview of Materialized Views................................................................. 3 Overview of Analytic Workspaces............................................................. 4 Working Together in the Oracle Database ............................................... 6 Explanation of Data Used for this White Paper........................................... 6 Methodology for Designing and Building the Materialized Views........ 7 Manually Creating the Materialized View ............................................. 7 Generating Recommendations from the SQL Access Advisor ........ 9 Methodology for Defining the Analytic Workspace ............................. 10 Tools For Querying ........................................................................................ 15 Refreshing the Data ........................................................................................ 16 Refreshing Materialized Views.................................................................. 16 Refreshing Analytic Workspace Cubes.................................................... 17 Other Issues To Consider.............................................................................
    [Show full text]
  • Oracle Database 10G Materialized Views & Query Rewrite
    Oracle Materialized Views & Query Rewrite An Oracle White Paper May 2005 Oracle Materialized Views & Query Rewrite Executive Overview.......................................................................................... 3 Introduction ....................................................................................................... 3 Why use Summary Management..................................................................... 4 Components of Summary Management ........................................................ 5 Schema Requirements.................................................................................. 5 Dimensions ........................................................................................................ 5 Hints on Defining Dimensions .................................................................. 7 Materialized Views ............................................................................................ 8 Creating a Materialized View....................................................................... 8 Using your own pre-built materialized views............................................ 9 Index selection for Materialized Views...................................................... 9 What can this Materialized View Do?...................................................... 10 Tuning a Materialized View....................................................................... 11 Materialized View Invalidation ................................................................. 12 Security Implications
    [Show full text]
  • Apache Hive Overview Date of Publish: 2018-07-12
    Data Access 3 Apache Hive overview Date of Publish: 2018-07-12 http://docs.hortonworks.com Contents What's new in this release: Apache Hive...............................................................3 Apache Hive 3 architectural overview................................................................... 4 Apache Hive 3 upgrade process..............................................................................6 Changes after upgrading to Apache Hive 3.........................................................................................................7 Convert Hive CLI scripts to Beeline................................................................................................................... 9 Hive Semantic and Syntax Changes.................................................................................................................. 10 Creating a table.......................................................................................................................................10 Escaping db.table references.................................................................................................................. 11 Casting timestamps................................................................................................................................. 11 Renaming tables......................................................................................................................................12 Checking compatibility of column changes...........................................................................................12
    [Show full text]
  • Short Type Questions and Answers on DBMS
    BIJU PATNAIK UNIVERSITY OF TECHNOLOGY, ODISHA Short Type Questions and Answers on DBMS Prepared by, Dr. Subhendu Kumar Rath, BPUT, Odisha. DABASE MANAGEMENT SYSTEM SHORT QUESTIONS AND ANSWERS Prepared by Dr.Subhendu Kumar Rath, Dy. Registrar, BPUT. 1. What is database? A database is a logically coherent collection of data with some inherent meaning, representing some aspect of real world and which is designed, built and populated with data for a specific purpose. 2. What is DBMS? It is a collection of programs that enables user to create and maintain a database. In other words it is general-purpose software that provides the users with the processes of defining, constructing and manipulating the database for various applications. 3. What is a Database system? The database and DBMS software together is called as Database system. 4. What are the advantages of DBMS? 1. Redundancy is controlled. 2. Unauthorised access is restricted. 3. Providing multiple user interfaces. 4. Enforcing integrity constraints. 5. Providing backup and recovery. 5. What are the disadvantage in File Processing System? 1. Data redundancy and inconsistency. 2. Difficult in accessing data. 3. Data isolation. 4. Data integrity. 5. Concurrent access is not possible. 6. Security Problems. 6. Describe the three levels of data abstraction? The are three levels of abstraction: 1. Physical level: The lowest level of abstraction describes how data are stored. 2. Logical level: The next higher level of abstraction, describes what data are stored in database and what relationship among those data. 3. View level: The highest level of abstraction describes only part of entire database.
    [Show full text]
  • Automated Selection of Materialized Views and Indexes for SQL Databases
    Automated Selection of Materialized Views and Indexes for SQL Databases Sanjay Agrawal Surajit Chaudhuri Vivek Narasayya Microsoft Research Microsoft Research Microsoft Research [email protected] [email protected] [email protected] Abstract large number of recent papers in this area, most of the Automatically selecting an appropriate set of prior work considers the problems of index selection and materialized views and indexes for SQL materialized view selection in isolation. databases is a non-trivial task. A judicious choice Although indexes and materialized views are similar, must be cost-driven and influenced by the a materialized view is much richer in structure than an workload experienced by the system. Although index since a materialized view may be defined over there has been work in materialized view multiple tables, and can have selections and GROUP BY selection in the context of multidimensional over multiple columns. In fact, an index can logically be (OLAP) databases, no past work has looked at considered as a special case of a single-table, projection the problem of building an industry-strength tool only materialized view. This richness of structure of for automated selection of materialized views materialized views makes the problem of selecting and indexes for SQL workloads. In this paper, materialized views significantly more complex than that we present an end-to-end solution to the problem of index selection. We therefore need innovative of selecting materialized views and indexes. We techniques for dealing with the large space of potentially describe results of extensive experimental interesting materialized views that are possible for a given evaluation that demonstrate the effectiveness of set of SQL queries and updates over a large schema.
    [Show full text]
  • Materialized Views
    MATERIALIZED VIEWS - WISSENSWERTES UND NEUERUNGEN IN 12C AUTHOR: JONAS GASSENMEYER www.syntegris.de © SYNTEGRIS INFORMATION SOLUTIONS GMBH Mein Haus, mein Auto,… [email protected] @gassenmj Stand 42 © SYNTEGRIS INFORMATION SOLUTIONS GMBH AGENDA . Vorstellung (2 Minuten) . Use Case Pharma Konzern (3 Minuten) •Wissenswertes (vor 12c) .Was ist eine MV, (SQL Hinterlegen und Index drauf) (2 Minuten) .Query Rewrite (1 Minuten) .Atomic_refresh (5 Minuten) .Tablespace (1 Minute) .Fast refresh (incrementell) (5 Minuten) .„es kommt drauf an“ (1 Minuten) • Out of place refresh . Prebuilt table (3 Minuten) . Demo (3 Minuten) • On Statement MVs . Erklärung (3 Minuten) . Demo (3 Minuten) • Real time MVs . Erklärung (3 Minuten) . Demo (3 Minuten) Refresh Statistiken .Erklärung (3 Minuten) .Demo (3 Minuten) .Bug? Fazit (3 Minuten) © SYNTEGRIS INFORMATION SOLUTIONS GMBH Use Case - Aggregation Table Table Table complex Tables MView fast select Report aggregation runs when user runs at night requests the report Materialized View pre-computes result sets © SYNTEGRIS INFORMATION SOLUTIONS GMBH Use Case - Replication › Use Case - Replication Database Local DB MView Link Table Remote DB Data Materialized View copies remote data to local DB © SYNTEGRIS INFORMATION SOLUTIONS GMBH Real World Example? © SYNTEGRIS INFORMATION SOLUTIONS GMBH Chemical Substances › Ordering Vials/Tubes/Plates Differ on each Site → Aggregation From ca. 50 Mio aggregated to ca. 6.5 Mio › Metadata about Substances Same on each Site → Replication Ca. 18.5 Mio © SYNTEGRIS INFORMATION
    [Show full text]
  • User Defined Functions and Materialized Views in Cassandra
    UDF/UDA & Materialized Views in Depth DuyHai DOAN, Apache Cassandra™ Evangelist Trademark Policy From now on … Cassandra ⩵ Apache Cassandra™ 2 @doanduyhai Materialized Views (MV) @doanduyhai Why Materialized Views ? • Relieve the pain of manual denormalization CREATE TABLE user( id int PRIMARY KEY, country text, … ); CREATE TABLE user_by_country( country text, id int, …, PRIMARY KEY(country, id) ); 4 @doanduyhai Materialzed View In Action CREATE MATERIALIZED VIEW user_by_country AS SELECT country, id, firstname, lastname FROM user WHERE country IS NOT NULL AND id IS NOT NULL PRIMARY KEY(country, id) CREATE TABLE user_by_country ( country text, id int, firstname text, lastname text, PRIMARY KEY(country, id)); 5 @doanduyhai Materialzed View Syntax CREATE MATERIALIZED VIEW [IF NOT EXISTS] keyspace_name.view_name Must select all primary key columns of base table AS SELECT column , column , ... 1 2 • IS NOT NULL condition for now • more complex conditions in future FROM keyspace_name.table_name WHERE column1 IS NOT NULL AND column2 IS NOT NULL ... • at least all primary key columns of base table PRIMARY KEY(column1, column2, ...) (ordering can be different) • maximum 1 column NOT pk from base table 6 @doanduyhai Materialized Views Demo 7 Materialized View Impl C* C* ① C* C* • send mutation to all replicas • waiting for ack(s) with CL UPDATE user SET country=‘FR’ C* C* WHERE id=1 C* C* 8 @doanduyhai Materialized View Impl C* C* ② * * C C Acquire local lock on base table partition UPDATE user SET country=‘FR’ C* C* WHERE id=1 C* C* 9 @doanduyhai
    [Show full text]
  • Reducing Intermediate Results for Incremental Updates of Materialized Views
    Purdue University Purdue e-Pubs Department of Computer Science Technical Reports Department of Computer Science 1996 Reducing Intermediate Results for Incremental Updates of Materialized Views Tetsuya Furukawa Ahmed K. Elmagarmid Purdue University, [email protected] Report Number: 96-037 Furukawa, Tetsuya and Elmagarmid, Ahmed K., "Reducing Intermediate Results for Incremental Updates of Materialized Views" (1996). Department of Computer Science Technical Reports. Paper 1292. https://docs.lib.purdue.edu/cstech/1292 This document has been made available through Purdue e-Pubs, a service of the Purdue University Libraries. Please contact [email protected] for additional information. REDUCING INTERMEDIATE RESULTS FOR INCREMENTAL UPDATES OF MATERIALIZED VIEWS Tetsuya Furukawa Ahmed K. Elmagannid CSD TR-96-037 June 1996 Reducing Intermediate Results for Incremental Updates of Materialized Views Tetsuya FurukawaH and Ahmed K. Elmagarmidt t Dept. Computer Science, Purdue University West Larayette, IN 47907, USA {furukawa, ake}@cs.purdue.edu :I: Dept. Economic Engineering, Kyushu University Fukuoka 812-81, Japan [email protected] Abstract To increase retrieval query processing efficiency, views are sometimes materialized in database systems. Since materialized views have to be consistent with their original data, they are updated according to updates of the original data. Materialized view update, how­ ever, becomes complicated when the view definition includes projection because one view data corresponds to several original data. This paper shows how to reduce the intermediate results to increase query processing efficiency when a materialized view defined with projec­ tion is updated. We need three steps to update materialized views, to get which view data corresponds with the updated original data, to check whether it indeed have to be updated, and to update the view data.
    [Show full text]
  • DB2 UDB's High Function Business Intelligence in E-Business
    Front cover DB2 UDB’s High Function Business Intelligence in e-business Exploit DB2’s materialized views (ASTs/MQTs) feature Leverage DB2’s statistics, analytic and OLAP functions Review sample business scenarios Nagraj Alur Peter Haas Daniela Momiroska Paul Read Nicholas Summers Virginia Totanes Calisto Zuzarte ibm.com/redbooks International Technical Support Organization DB2 UDB’s High-Function Business Intelligence in e-business September 2002 SG24-6546-00 Take Note! Before using this information and the product it supports, be sure to read the general information in “Notices” on page xvii. First Edition (September 2002) This edition applies to all operating system platforms that DB2 UDB Version 8 supports. Comments may be addressed to: IBM Corporation, International Technical Support Organization Dept. QXXE Building 80-E2 650 Harry Road San Jose, California 95120-6099 When you send information to IBM, you grant IBM a non-exclusive right to use or distribute the information in any way it believes appropriate without incurring any obligation to you. © Copyright International Business Machines Corporation 2002. All rights reserved. Note to U.S Government Users – Documentation related to restricted rights – Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp. Contents Figures . vii Tables . .xi Examples. xiii Notices . xvii Trademarks . xviii Preface . xix The team that wrote this redbook. xx Notice . xxii Comments welcome. xxii Chapter 1. Business Intelligence overview. 1 1.1 e-business drivers . 2 1.1.1 Impact of e-business . 5 1.1.2 Importance of BI . 7 1.2 IBM’s BI strategy and offerings .
    [Show full text]
  • Introduction and Data Models
    NoSQL systems: introduction and data models Riccardo Torlone Università Roma Tre Leveraging the NoSQL boom 2 CREDITS: Jimmy Lin (University of Maryland) Why NoSQL? In the last fifty years relational databases have been the default choice for serious data storage. An architect starting a new project: your only choice is likely to be which relational database to use. often not even that, if your company has a dominant vendor. In the past, other proposals for database technology: deductive databases in the 1980’s object databases in the 1990’s XML databases in the 2000’s these alternatives never got anywhere. 3 CREDITS: Jimmy Lin (University of Maryland) The Value of Relational Databases Effective and efficient management of persistent data Concurrency control Data integration A standard data model A standard query language 4 CREDITS: Jimmy Lin (University of Maryland) Impedance Mismatch Difference between the persistent data model and the in-memory data structures 5 CREDITS: Jimmy Lin (University of Maryland) A proposal to solve the problem (1990s) Databases that replicate the in-memory data structures to disk Object-oriented databases! Faded into obscurity in a few years.. Solution emerged: 6 object-relational mapping frameworks CREDITS: Jimmy Lin (University of Maryland) Evolution of applications OO databases are dead. Why? SQL provides an integration mechanism between applications The database acts as an integration database Multiple applications one database 2000s: a distinct shift to application databases (SOA) Web services add more flexibility for the data structure being exchanged richer data structures to reduce the number of round trips nested records, lists, etc. usually represented in XML or JSON.
    [Show full text]
  • Cost Models for Selecting Materialized Views in Public Clouds
    IGI Global Microsoft Word 2007 Template Reference templateInstructions.pdf for detailed instructions on using this document. Cost Models for Selecting Materialized Views in Public Clouds Romain Perriot Clermont Université, CNRS, Université Blaise Pascal, LIMOS UMR 6158 [email protected] Jérémy Pfeifer Clermont Université, CNRS, Université Blaise Pascal, LIMOS UMR 6158 [email protected] Laurent d’Orazio Clermont Université, CNRS, Université Blaise Pascal, LIMOS UMR 6158 [email protected] Bruno Bachelet Clermont Université, CNRS, Université Blaise Pascal, LIMOS UMR 6158 [email protected] Sandro Bimonte IRSTEA, UR TSCF, Clermont-Ferrand [email protected] Jérôme Darmont Université de Lyon (Laboratoire ERIC) [email protected] Abstract Data warehouse performance is usually achieved through physical data structures such as indexes or materialized views. In this context, cost models can help select a relevant set ofsuch performance optimization structures. Nevertheless, selection becomes more complex in the cloud. The criterion to optimize is indeed at least two-dimensional, with monetary cost balancing overall query response time. This paper introduces new cost models that fit into the pay-as-you-go paradigm of cloud computing. Based on these cost models, an optimization problem is defined to discover, among candidate views, those to be materialized to minimize both the overall cost of using and maintaining the database in a public cloud and the total response time ofa given query workload. We experimentally show that maintaining materialized views is always advantageous, both in terms of performance and cost. 1. Introduction Recently, cloud computing, led by companies such as Google, Microsoft and Amazon, attracted special attention.
    [Show full text]