The current SQL standard for access control is coarse grained, in that it grants access to all rows of a table or none. Fine-grained access control, which allows control of access at the granularity of individual rows, and to specific columns within those rows, is required in practically all database applications. There are several models for fine grained access control, but the majority of them follow a view replacement strategy. There are two significant problems with most implementations of the view replacement model, namely (a) the unnecessary overhead of the access control predicates when they are redundant and (b) the potential of information leakage through channels such as user-defined functions, and operations that cause exceptions and error messages. We first propose techniques for redundancy removal. We then define when a query plan is safe with respect to UDFs and other unsafe functions, and propose techniques to generate safe query plans. We have prototyped redundancy removal and safe UDF pushdown on the Microsoft SQL Server query optimizer, and present a preliminary performance study.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Rakesh Agrawal , Paul Bird , Tyrone Grandison , Jerry Kiernan , Scott Logan , Walid Rjaibi, Extending Relational Database Systems to Automatically Enforce Privacy Policies, Proceedings of the 21st International Conference on Data Engineering (ICDE'05), p.1013-1022, April 05-08, 2005  [doi>10.1109/ICDE.2005.64]
	2	Alexander Brodsky , Csilla Farkas , Sushil Jajodia, Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures, IEEE Transactions on Knowledge and Data Engineering, v.12 n.6, p.900-919, November 2000  [doi>10.1109/69.895801 ]
	3	Ashok K. Chandra , Philip M. Merlin, Optimal implementation of conjunctive queries in relational data bases, Proceedings of the ninth annual ACM symposium on Theory of computing, p.77-90, May 04-04, 1977, Boulder, Colorado, United States  [doi>10.1145/800105.803397]
	4	K. LeFevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu and D. DeWitt, Limiting disclosure in Hippocratic databases, In VLDB, 2004
	5	Goetz Graefe , William J. McKenna, The Volcano Optimizer Generator: Extensibility and Efficient Search, Proceedings of the Ninth International Conference on Data Engineering, p.209-218, April 19-23, 1993
	6	G. Graefe, The Cascades Optimization Framework, Data Engg. Bulletin, 1995
	7	D. Litchfield, Web Application Disassembly with ODBC Error Messages, 2001, http://www.blackhat.com/presen-tations/win-usa-01/Litchfield/BHWin01Litchfield.doc
	8	Amihai Motro, An Access Authorization Model for Relational Databases Based on Algebraic Manipulation of View Definitions, Proceedings of the Fifth International Conference on Data Engineering, p.339-347, February 06-10, 1989
	9	The Virtual Private Database in Oracle9ir2: An Oracle Technical White Paper http://otn.oracle.com/deploy/security/oracle9ir2/pdf/vpd9ir2twp.pdf.
	10	New Security Features in Sybase Adaptive Server Enterprise. Sybase Technical White Paper, 2003.
	11	Shariq Rizvi , Alberto Mendelzon , S. Sudarshan , Prasan Roy, Extending query rewriting techniques for fine-grained access control, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, June 13-18, 2004, Paris, France  [doi>10.1145/1007568.1007631]
	12	A. Rosenthal and E. Sciore. Abstracting and Refining Authorization in SQL. In Secure Data Management (SDM) workshop, In VLDB, 2004.
	13	Michael Stonebraker , Eugene Wong, Access control in a relational data base management system by query modification, Proceedings of the 1974 annual conference, p.180-186, January 1974  [doi>10.1145/800182.810400]