securing materialized views a rewriting based approach
play

Securing Materialized Views: a Rewriting-Based Approach Sarah Nait - PowerPoint PPT Presentation

Mar 11, 2023 •100 likes •421 views

Securing Materialized Views: a Rewriting-Based Approach Sarah Nait Bahloul, Emmanuel Coquery and Mohand-Sad Hacid Universit de Lyon, France First Franco-American Workshop Security Outline Context Problem statement Related work

  1. Securing Materialized Views: a Rewriting-Based Approach Sarah Nait Bahloul, Emmanuel Coquery and Mohand-Saïd Hacid Université de Lyon, France First Franco-American Workshop Security

  2. Outline ฀ Context ฀ Problem statement ฀ Related work ฀ Authorization views ฀ Rewriting-based approach ฀ Approach properties ฀ Security ฀ Termination ฀ Maximality ฀ Conclusion 1

  3. Context ● Data security ○ Confidentiality, Integrity, Availability,… ● Materialized views ○ Used in decision and distributed systems: Data warehouses, Mediators, … ○ Store the results returned by a query ■ They can be used as any other table. ➔ Ensuring confidentiality of materialized view data is also important. 2

  4. Problem Statement ● How to ensure Security at the materialized view level? Query Access Control DB Policies on DB User Query Inference Evaluation Query Views Definition Access Control MV Policies on MV 3

  5. Related Work Granularity Derived access control policies [Ros&Sci IFIP’01] Coarse Defined on base relations Fine Defined on base relations [Cuz&al. IDEAS’10] Our approach Fine Defined on MVs 4

  6. Our approach Query evaluation Definition of MVs Definition of MV Authorization views on DB DB Authorization ? (AV) MV views on MV Relational framework ➔ Conjunctive queries by ➔ allowing equalities H MiniCon + Algorithm H MiniCon: MiniCon ➔ algorithm in the security context Set of authorization views based on MV Desired properties: Secure and Maximum 5

  7. Desired Properties ● Security: The generated views should not give access to information that are not allowed by the basic authorization views. ● Maximality: Generated views should return as much information as possible, while satisfying the secure property. 6

  8. Access control policies ● Fine grained Access Control model based on “Authorization Views” [Riz&al. SIGMOD’04] . ○ Authorization views are logical tables that specify exactly the accessible data, either drawn from a single table or from multiple tables. ○ An authorization view can be a traditional relational view or a parameterized view Allowing fine grained authorization at the cell-level. ■ Parameterized views provide an efficient and powerful way of ■ expressing fine grained authorization policies. 7

  9. Access control policies - Example Relations: patients (IdP, IdD, Snum, Pname, Pfname, Disease). Create authorization view patients_info as SELECT Pname, Pfname FROM patients WHERE Snum = 1; Datalog: patients_info (Pname, Pfname) ← patients (IdP, IdD, Snum, Pname, Pfname, Disease), Snum = 1; 8

  10. Access control policies ● Authorization-transparent querying ○ A Query makes reference to base relations ○ System can ■ Accept the query, if it can rewrite it using only authorization views ■ Reject the query ● Directly Querying only the authorization views ● Our proposal is independent of the way the MV(s) are accessed. ○ We assume in our approach that the user can query only the authorization views. 9

  11. Information non-disclosure ● Determine which set of tuples can be accessed without disclosure information. Authorization view: av(x’) ← patients(x’,y’). Materialized view definition: mv(x) ← patients(x,y), emergency(x,y). Authorization view on the materialized view: avmv(x) ← mv(x). There is no authorized access to mv to ensure the information ● non-disclosure. 10

  12. H MiniCon Algorithm ● Adaptation of a query rewriting algorithm to the security context. ● MiniCon algorithm: proposed as an efficient method for answering queries using views [Pot&Lev VLDB’00] . ○ It takes as input a query q and a set of views V and calculates all possible rewritings of q using views in V, such that: rw c q ● Condition: Each rewriting must have the same head variables as the query. 11

  13. Why adapt MiniCon? Query: q(x,y) ← patients(x,y). Views: v(x’) ← patients(x’,y’). ● For the traditional MiniCon Algorithm, this view is not relevant. ○ The condition regarding the head variables is not satisfied. ● In the security context, this view is relevant ○ Conjunctive rewriting: rw(x) ← v(x). ➔ First adaptation: Relaxing the condition on the head variables. ➔ Second adaptation: Adding variables that are newly introduced in the rewriting as head variables. 12

  14. Double rewriting ● It Exploits a double query rewriting based on the H MiniCon query rewriting algorithm. ● It takes as input a set Q of queries to be rewritten and two sets of views AV and MV ➔ Q: Complete queries on MV ➔ AV: Authorization views ➔ MV: Materialized views definitions 13

  15. H MiniCon + Queries (Full access on MV) For each query q Rewriting using AV Add rw to queries Rewriting using MV For each rewriting rw Subsumption test : If rw contains q No Yes Generated views 14

  16. Properties of H MiniCon + Algorithm 15

  17. Security property Property: Given the three sets AV , MV and AVMV (the set of generated views by H MiniCon + algorithm), For each query on AVMV, there exists: q AVMV ≡ q AV et q AVMV ≡ q MV 16

  18. Termination ● Rewriting tree ● Atom tree ● History of a node 17

  19. Rewriting Tree ● Let q be a query to rewrite, AV and q MV are two sets of views. The rewriting tree associated with q is rw 11 rw 12 rw 13 defined as follows: ○ The root is the query q. rw 21 rw 23 rw 22 ○ The nodes of depth k+1 are rewritings H MiniCon generated by the rw 32 rw 31 algorithm by rewriting nodes of depth k using the set AV or MV. ○ A node n k+1 is a child of a node n k if rw 41 n k+1 is a rewriting of n k . Views returned by the algorithm 18

  20. Atom tree ● Given a branch X = B 0 ,B 1 ,... of a rewriting tree RT , the atom tree AT of RT is defined as: patients (x,y) q ○ The root is an anonymous node r. rw 12 patients (x, y 1 ) treatments (y 1 , z 2 ) ○ Nodes at depth k+1 are occurrences of atoms of B k , noted g k . rw 23 patients (x, y 1 ) treatments (y 1 , z 3 ) doctors (z 3 , t 1 ) g k+1 is a child of g k of type: ○ Direct: If it is mapped to g k at the ➔ construction of the rewriting Direct child Indirect: If g k+1 belongs to the ➔ Indirect child expansion of view v used to Anonymous node rewrite g k and g k+1 has no Direct parent. 19

  21. Potential infinite loop in the rewriting process Example 1 MV: AV: mv 1 (x,y) ← r 1 (x,y). av 1 (x,y) ← r1(x,y),r2(y,z). mv 2 (x,y) ← r2(x,y),r1(y,z). av 2 (x,y) ← r2(x,y). r 1 (x,y) av 1 r 2 (y 1 , y 2 ) r 1 (x, y 1 ) mv 2 r 1 (x, y 1 ) r 2 (y 1 , y 3 ) r 1 (y 3 , y 4 ) av 1 r 1 (y 3 , y 6 ) r 1 (x, y 5 ) r 2 (y 5 , y 3 ) r 2 (y 6 , y 7 ) mv 2 r 1 (x, y 5 ) r 1 (y 8 , y 6 ) r 1 (y 9 , y 10 ) r 2 (y 5 , y 8 ) r 2 (y 6 , y 9 ) 20

  22. Potential infinite loop in the rewriting process Example 2 MV: AV: mv1(x,y) ← r1(x,y),r3(y,z). av1(x,y) ← r1(x,y),r2(y,z). mv2(x,y) ← r2(x,y). av2(x,y) ← r2(x,y). mv3(x,y) ← r3(x,y). av3(x,y) ← r3(x,y). r 1 (x,y) r 3 (y,z 1 ) av 1 r 3 (y, z 1 ) r 1 (x,y) r 2 (y, z 2 ) mv 1 r 1 (x,y) r 3 (y, z 3 ) r 2 (y, z 2 ) r 3 (y, z 1 ) av 1 r 1 (x,y) r 2 (y, z 4 ) r 3 (y, z 3 ) r 2 (y, z 2 ) r 3 (y, z 1 ) mv 1 r 3 (y, z 3 ) r 2 (y, z 2 ) r 1 (x,y) r 3 (y, z 5 ) r 2 (y, z 4 ) r 3 (y, z 1 ) 21

  23. Node information ● For each node, we have: View: a v 1 Cpos: 2 patients (x,y) Ppos:1 ○ view(g k+1 ) = v; ○ cpos(g k+1 ) the position of patients (x, y 1 ) treatments (y 1 , z 2 ) the atom matching g k+1 in v; ○ ppos(g k+1 ) the position of patients (x, y 1 ) treatments (y 1 , z 3 ) doctors (z 3 , t 1 ) the atom matching g k in v; ○ type(g k+1 ) = Direct or Direct child Indirect Indirect child Anonymous node 22

  24. History of nodes ● For each node g in AT except for the root, History(g) is a list defined as follows: ○ if g is a child of the root, then History(g) = [pos] where pos is the position of g in the query; ○ if type(g) = Indirect then: History(g) = History(parent(g)) + [(view(g),cpos(g),ppos(g))] ○ otherwise, History(g) = History(parent(g)) 23

  25. History of nodes - Example [1] r 1 (x,y) [1,[av 1 ,1,2]] av 1 r 2 (y 1 , y 2 ) r 1 (x, y 1 ) mv 2 r 1 (y 3 , y 4 ) r 1 (x, y 1 ) r 2 (y 1 , y 3 ) [1,[av 1 ,1,2],[mv 2 ,1,2] ,[av 1 ,1,2]] av 1 r 1 (y 3 , y 6 ) r 1 (x, y 5 ) r 2 (y 5 , y 3 ) r 2 (y 6 , y 7 ) mv 2 [1] r 1 (x, y 5 ) r 1 (y 8 , y 6 ) r 1 (y 9 , y 10 ) r 2 (y 5 , y 8 ) r 2 (y 6 , y 9 ) [1,[mv 1 ,1,2],[av 2 ,1,2]] 24

  26. Real VS Virtual nodes Real node r 1 (x,y) r 3 (y,z 1 ) Virtual node r 3 (y, z 1 ) r 1 (x,y) r 2 (y, z 2 ) r 1 (x,y) r 3 (y, z 3 ) r 2 (y, z 2 ) r 3 (y, z 1 ) r 1 (x,y) r 2 (y, z 4 ) r 3 (y, z 3 ) r 2 (y, z 2 ) r 3 (y, z 1 ) r 3 (y, z 3 ) r 2 (y, z 2 ) r 1 (x,y) r 3 (y, z 5 ) r 2 (y, z 4 ) r 3 (y, z 1 ) [1,[mv 1 ,1,2]] 25

  27. Termination under constraints Theorem 1 Let us consider a query q and two sets of views AV and MV. If for every branch X of the effective rewriting tree RT (q) generated by H MiniCon + (q, AV, MV) and for every node g of the atom tree AT of X, History (g) does not contain any duplicate triple, then RT is finite. 26

  28. Maximality property Property: Given the three sets AV , MV and AVMV (the set of generated views by H MiniCon + algorithm) and for each query on AV and each query on MV, such that: q AV ≡ q MV Then, there exists a query on AVMV, such that: q AVMV ≡ q AV ≡ q MV 27

Recommend

An Evolutionary Approach to Materialized Views Selection in a Data Warehouse Environment by

An Evolutionary Approach to Materialized Views Selection in a Data Warehouse Environment by

An Evolutionary Approach to Materialized Views Selection in a Data Warehouse Environment by Andreas Winter based on work of Chuan Zhang, Xin Yao, Senior Member , IEEE , and Jian Yang December 3rd 2003 Seminar Self-Tuning Databases 1 Structure

334 views • 15 slides
Efficient Maintenance of Materialized Top- k Views Ke Yi, Hai Yu, Jun Yang Dept. of Computer

Efficient Maintenance of Materialized Top- k Views Ke Yi, Hai Yu, Jun Yang Dept. of Computer

Efficient Maintenance of Materialized Top- k Views Ke Yi, Hai Yu, Jun Yang Dept. of Computer Science, Duke University Gangqiang Xia, Yuguo Chen Inst. of Statistics and Decision Sciences, Duke University 2 Materialized top- k views Base

258 views • 22 slides
Lazy Maintenance of Materialized Views Jingren Zhou, Microsoft Research, USA Paul Larson,

Lazy Maintenance of Materialized Views Jingren Zhou, Microsoft Research, USA Paul Larson,

Lazy Maintenance of Materialized Views Jingren Zhou, Microsoft Research, USA Paul Larson, Microsoft Research, USA Hicham G. Elmongui, Purdue University, USA Introduction 2 Materialized views Speed up query execution time by orders of

962 views • 26 slides
Autonomous ETL With Materialized Views Abhishek Somani, Adesh Rao May 2018 Agenda 1. Standard

Autonomous ETL With Materialized Views Abhishek Somani, Adesh Rao May 2018 Agenda 1. Standard

Autonomous ETL With Materialized Views Abhishek Somani, Adesh Rao May 2018 Agenda 1. Standard techniques for structuring data for SQL-on-Hadoop (Hive, Presto, Spark etc) 2. Difficulties in structuring data 3. A case for Materialized Views

921 views • 48 slides
Dont forget materialized views Stephanie Baltus Sr. Software engineer 1 About 2 A bit of

Dont forget materialized views Stephanie Baltus Sr. Software engineer 1 About 2 A bit of

Dont forget materialized views Stephanie Baltus Sr. Software engineer 1 About 2 A bit of theory Agenda 3 Concrete use case 4 Wrap-Up About Me Loves cats, sneakers, sport 11 years in data ecosystem Consulting, Leboncoin,

807 views • 44 slides
Structured Materialized Views for XML Queries Andrei Arion 1 , 2 eronique Benzaken 2 V Ioana

Structured Materialized Views for XML Queries Andrei Arion 1 , 2 eronique Benzaken 2 V Ioana

Structured Materialized Views for XML Queries Andrei Arion 1 , 2 eronique Benzaken 2 V Ioana Manolescu 1 Yannis Papakonstantinou 3 1 GEMO Project, INRIA Futurs firstname.lastname@inria.fr 2 Laboratoire de Recherche en Informatique, University

1.15k views • 86 slides
A Semantic Approach to the Analysis of Rewriting-Based Systems Salvador Lucas DSIC, Universitat

A Semantic Approach to the Analysis of Rewriting-Based Systems Salvador Lucas DSIC, Universitat

A Semantic Approach to the Analysis of Rewriting-Based Systems Salvador Lucas DSIC, Universitat Polit` ecnica de Val` encia, Spain 27 th International Symposium on Logic-Based Program Synthesis and Transformation, LOPSTR 2017 1 Salvador

358 views • 19 slides
Solution 1: Rule Rewriting The grammar rewriting approach attempts to Natural Language

Solution 1: Rule Rewriting The grammar rewriting approach attempts to Natural Language

Solution 1: Rule Rewriting The grammar rewriting approach attempts to Natural Language capture local tree information by rewriting the grammar so that the rules capture the Processing regularities we want. By splitting and merging the

417 views • 5 slides
CLICKHOUSE MATERIALIZED VIEWS A SECRET WEAPON FOR HIGH PERFORMANCE ANALYTICS Robert Hodges --

CLICKHOUSE MATERIALIZED VIEWS A SECRET WEAPON FOR HIGH PERFORMANCE ANALYTICS Robert Hodges --

CLICKHOUSE MATERIALIZED VIEWS A SECRET WEAPON FOR HIGH PERFORMANCE ANALYTICS Robert Hodges -- Percona Live 2018 Amsterdam Introduction to Presenter Robert Hodges - Altinity CEO www.altinity.com 30+ years on DBMS plus Leading software and

683 views • 23 slides
Securing Untrusted Code via Compiler-Agnostic Binary Rewriting Richard Wartell, Vishwath Mohan,

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting Richard Wartell, Vishwath Mohan,

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, Zhiqiang Lin Department of Computer Science, The University of Texas at Dallas Presented by David Gloe Outline Introduction

576 views • 23 slides
Easy Freshness with Pequod Cache Joins Bryan Kate, Eddie Kohler, Mike Kester Harvard University

Easy Freshness with Pequod Cache Joins Bryan Kate, Eddie Kohler, Mike Kester Harvard University

Easy Freshness with Pequod Cache Joins Bryan Kate, Eddie Kohler, Mike Kester Harvard University Yandong Mao, Neha Narula, Robert Morris MIT tl;dr Web application caches should support materialized views natively. In-cache materialized views

821 views • 46 slides
On a rewriting approach to satisfiability procedures: extension, combination of theories and an

On a rewriting approach to satisfiability procedures: extension, combination of theories and an

Outline Motivation Rewrite-based satisfiability: new results Experimental appraisal Summary On a rewriting approach to satisfiability procedures: extension, combination of theories and an experimental appraisal Maria Paola Bonacina 1

743 views • 53 slides
L1braryPubl1c Securing Effective Teaching for All: Expert Views on the New CPD Standards

L1braryPubl1c Securing Effective Teaching for All: Expert Views on the New CPD Standards

Follow us on Twitter @TeacherDevTrust and share your thoughts using the hashtags: #CPDStandards #TDTConf WiFi code for Durham Town Hall L1braryPubl1c Securing Effective Teaching for All: Expert Views on the New CPD Standards Bridget Clay ,

541 views • 35 slides
Contents/Objectives of the lecture Definition and properties of rewriting Rule-based

Contents/Objectives of the lecture Definition and properties of rewriting Rule-based

Contents/Objectives of the lecture Definition and properties of rewriting Rule-based programming in ELAN Logic and calculus for rewriting Compilation or how to get efficiency? Applications and future developments ESSLII2001

979 views • 62 slides
Contents/Objectives of the lecture Definition and properties of rewriting Rule-based

Contents/Objectives of the lecture Definition and properties of rewriting Rule-based

Contents/Objectives of the lecture Definition and properties of rewriting Rule-based programming in ELAN Logic and calculus for rewriting Compilation or how to get efficiency? Applications and future developments ESSLLI2001

930 views • 74 slides
Views 1 Views A view is a relation defined in terms of stored tables (called base tables )

Views 1 Views A view is a relation defined in terms of stored tables (called base tables )

Views 1 Views A view is a relation defined in terms of stored tables (called base tables ) and other views Two kinds: 1. Virtual = not stored in the database; just a query for constructing the relation 2. Materialized = actually

1.16k views • 103 slides
Foundations of an Outcome-based Approach Purpose 2 Explain the foundations of an

Foundations of an Outcome-based Approach Purpose 2 Explain the foundations of an

Foundations of an Outcome-based Approach Purpose 2 Explain the foundations of an outcome-based approach including performance measurement Outline the Agency's thinking around implementing the approach Explore stakeholder views

190 views • 14 slides
Rewriting Logic and Maude I: An Approach to Formal Modeling and Analysis Carolyn Talcott SRI

Rewriting Logic and Maude I: An Approach to Formal Modeling and Analysis Carolyn Talcott SRI

Rewriting Logic and Maude I: An Approach to Formal Modeling and Analysis Carolyn Talcott SRI International Ancona, April 2007 Plan About rewriting logic Maude features Using Maude Specifying data types Specifying

907 views • 58 slides
Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Jobtalk Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton University Based on work with: Based on work with: Boaz Barak, Shai Halevi, Aaron Jaggard, Vijay Ramachandran, Jennifer Rexford, Eran

1.12k views • 42 slides
A Rewriting Approach to the Design and Evolution of Object-Oriented Languages Mark Hills and

A Rewriting Approach to the Design and Evolution of Object-Oriented Languages Mark Hills and

Outline Problem Description Goal Statement Research Method Questions and Discussion A Rewriting Approach to the Design and Evolution of Object-Oriented Languages Mark Hills and Grigore Ro su { mhills, grosu } @cs.uiuc.edu Department of

264 views • 25 slides
Tips on Securing Drupal Sites Greg Monroe SolarWind MSP DrupalCamp Atlanta 2018 The information

Tips on Securing Drupal Sites Greg Monroe SolarWind MSP DrupalCamp Atlanta 2018 The information

Tips on Securing Drupal Sites Greg Monroe SolarWind MSP DrupalCamp Atlanta 2018 The information here is my own and not the views of my employer Security the Final Frontier This is a semi-case study based on my experiences Not a Deep Dive

1.25k views • 30 slides
A Rewriting Logic Semantics Approach to Modular Program Analysis Mark Hills 1 su 2 Grigore Ro 1

A Rewriting Logic Semantics Approach to Modular Program Analysis Mark Hills 1 su 2 Grigore Ro 1

Outline Overview The SILF Policy Framework Related Work Conclusion A Rewriting Logic Semantics Approach to Modular Program Analysis Mark Hills 1 su 2 Grigore Ro 1 Centrum Wiskunde & Informatica Amsterdam, The Netherlands

377 views • 26 slides
PhD Thesis Rewriting is a natural environment to formally define the semantics of real-life

PhD Thesis Rewriting is a natural environment to formally define the semantics of real-life

K : A Rewriting Approach to Concurrent Programming Language Design and Semantics PhD Thesis Defense Traian Florin S , erb anut , a University of Illinois at Urbana-Champaign Thesis advisor: Grigore Ros , u Committee members:

953 views • 73 slides
SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web

SANS Securing The Human Training Department of Safety Securing the Human Training Web based Centrally Administrated Divisionally managed Consistent content Central reporting Ability to add custom content (Policy's)

761 views • 10 slides

More recommend