A Model-Driven Approach for Enforcing Fine-Grained Access Control for SQL Queries

SN Comput. Sci. (2021)

Abstract
In this paper, we propose a novel, model-driven approach for enforcing fine-grained access control (FGAC) policies when executing SQL queries. More concretely, we define a function SecQuery() that, given an FGAC policy 𝒮 and an SQL select-statement q, generates an SQL stored-procedure ⌜SecQuery(𝒮, q)⌝, such that: if a user u is authorized, according to 𝒮, to execute q, then calling ⌜SecQuery(𝒮, q)⌝(u) returns the same result as when u executes q; otherwise, if the user u is not authorized, according to 𝒮, to execute q, then calling ⌜SecQuery(𝒮, q)⌝(u) signals an error. The stored-procedure ⌜SecQuery(𝒮, q)⌝ implements the appropriate FGAC authorization-checks for executing the query q, according to the policy 𝒮. As expected, the execution of the query q takes less time than calling the stored-procedure ⌜SecQuery(𝒮, q)⌝. Moreover, evaluating the (sub)-queries corresponding to authorization-checks will take more or less time, depending on the “complexity” of the underlying policies. To illustrate this performance issue, we have included in this paper some experimental results regarding the performance overhead incurred by executing the (secured) stored-procedures corresponding to (unsecured) queries. Finally, we have implemented our model-driven approach for enforcing FGAC policies for SQL queries in an open-source project, called SQL Security Injector (SQLSI).
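The contract described in the abstract, as an added hand-written example; it is not output of SQLSI and not code from the paper. MySQL syntax is assumed, and the `employee` schema, the sample rows, the policy and the procedure name `sec_q` are all constructed for illustration.

```sql
-- Constructed schema and data (assumptions, not from the paper).
CREATE TABLE employee (
  id         INT PRIMARY KEY,
  name       VARCHAR(64) NOT NULL,
  manager_id INT NULL,
  salary     INT NOT NULL
);
INSERT INTO employee VALUES
  (1, 'alice', NULL, 9000),
  (2, 'bob',   1,    5000),
  (3, 'carol', 1,    5500);

-- Unsecured query q:
--   SELECT name, salary FROM employee WHERE manager_id = 1;
-- Assumed policy S: a caller may read a salary only from their own row
-- or from the row of one of their direct reports.

DELIMITER //
CREATE PROCEDURE sec_q(IN caller INT)
BEGIN
  DECLARE denied INT;

  -- Authorization check: count the rows q would read that S does not
  -- allow for this caller. IS NOT TRUE makes the check fail closed:
  -- a NULL caller yields NULL comparisons, which count as denied.
  SELECT COUNT(*) INTO denied
    FROM employee e
   WHERE e.manager_id = 1
     AND (e.id = caller OR e.manager_id = caller) IS NOT TRUE;

  IF denied > 0 THEN
    -- Unauthorized: signal an error instead of returning a filtered result.
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Unauthorized access';
  END IF;

  -- Authorized: return exactly what q returns.
  SELECT name, salary FROM employee WHERE manager_id = 1;
END//
DELIMITER ;

CALL sec_q(1);     -- caller manages every row q reads
CALL sec_q(2);     -- q also reads a row that belongs to a peer
CALL sec_q(NULL);  -- unidentified caller
```

The check and the final select are separate statements, so under concurrent writes the call should run inside a single transaction with a consistent snapshot. The extra authorization sub-query is also where the overhead mentioned in the abstract comes from.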
Keywords
Secured SQL queries, Fine-grained access control, Model-driven security