Inférence de règles de contrôle d'accès pour assurer la confidentialité des données au niveau des vues matérialisées

Sarah Nait Bahloul 1, 2
2 BD - Base de Données
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information
Abstract : In this thesis, we address the problem of data confidentiality. We propose a new approach to facilitate the administration of access control policies to ensure confidentiality of data in materialized views. In relational databases, a view is a virtual table representing the result of a query. Unlike a simple view, a materialized view persistently stores the data in a table. The latter can be queried like any other database table. We then need to control the access to the materialized view. Among the various models proposed for controlling access to base relations, we choose to express fine-grained access control through authorization views. We propose to infer, from the basic authorization views attached to the base tables, authorization views that will be attached to the materialized views. Tackling this problem amounts to address a fundamental problem in relational databases : How to characterize computable information from two sets of views ? We handle this problem by resorting to query rewriting. We adapt the query rewriting algorithm MiniCon to the context of materialized views with access control and propose the H MiniCon+ algorithm which is based on successive rewritings. We mainly consider conjunctive queries with equalities. We study the properties of our approach. We show that our algorithm can calculate a correct set of views, i.e. any computable information from the generated views is calculable from the two sets of views. In order to prove the termination of our algorithm, we define rewriting trees generated by the application of 1-l MiniCon+ and we study their features. We characterize in which case a tree is finite and show that the approach is maximal, i.e., any derivable information from the two sets of views can be derived from the set of generated views. We characterize in which case the algorithm could not terminate i.e., infinite application of the query rewriting algorithm. In this case, it is impossible to determine the maximality of results and this remains an open problem. We implemented a prototype of the approach and we led some experiments by using synthetic data sets
Document type :
Theses
Complete list of metadatas

Cited literature [55 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-01162034
Contributor : Abes Star <>
Submitted on : Tuesday, June 9, 2015 - 3:52:07 PM
Last modification on : Wednesday, November 20, 2019 - 3:09:17 AM
Long-term archiving on: Tuesday, September 15, 2015 - 1:46:16 PM

File

TH2013NaitBahloulSarah.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01162034, version 1

Citation

Sarah Nait Bahloul. Inférence de règles de contrôle d'accès pour assurer la confidentialité des données au niveau des vues matérialisées. Autre [cs.OH]. Université Claude Bernard - Lyon I, 2013. Français. ⟨NNT : 2013LYO10242⟩. ⟨tel-01162034⟩

Share

Metrics

Record views

510

Files downloads

739