Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Scalable Enforcement of Fine Grained Access Control Policies in Relational Database Management Systems

Anadi Shakya, Primal Pappachan, David Maier, Roberto Yus, Sharad Mehrotra, Johann-Christoph Freytag

TL;DR

FGAC enforcement in relational DBMSs faces severe scalability challenges as policy corpora grow under privacy regulations. The paper presents Sieve, a middleware that rewrites queries into guarded expressions (GEs) and extends them with a cache to reuse GEs across similar queries, dramatically reducing policy evaluation overhead. It formalizes a policy model with data, query context, and ABAC-like semantics, and introduces cost-based guard generation and a clock-based cache replacement with a merge-aware refresh strategy. Empirical evaluations on two DBMSs with real and synthetic datasets show Sieve achieves 2x–10x improvements in static policy evaluation and 6–22% gains from caching under dynamic workloads, confirming its applicability to real-time FGAC in IoT and smart environments.

Abstract

The proliferation of smart technologies and evolving privacy regulations such as the GDPR and CPRA has increased the need to manage fine-grained access control (FGAC) policies in database management systems (DBMSs). Existing approaches to enforcing FGAC policies do not scale to thousands of policies, leading to degraded query performance and reduced system effectiveness. We present Sieve, a middleware for relational DBMSs that combines query rewriting and caching to optimize FGAC policy enforcement. Sieve rewrites a query with guarded expressions that group and filter policies and can efficiently use indexes in the DBMS. It also integrates a caching mechanism with an effective replacement strategy and a refresh mechanism to adapt to dynamic workloads. Experiments on two DBMSs with real and synthetic datasets show that Sieve scales to large datasets and policy corpora, maintaining low query latency and system load and improving policy evaluation performance by between 2x and 10x on workloads with 200 to 1,200 policies. The caching extension further improves query performance by between 6 and 22 percent under dynamic workloads, especially with larger cache sizes. These results highlight Sieve's applicability for real-time access control in smart environments and its support for efficient, scalable management of user preferences and privacy policies.

Scalable Enforcement of Fine Grained Access Control Policies in Relational Database Management Systems

TL;DR

FGAC enforcement in relational DBMSs faces severe scalability challenges as policy corpora grow under privacy regulations. The paper presents Sieve, a middleware that rewrites queries into guarded expressions (GEs) and extends them with a cache to reuse GEs across similar queries, dramatically reducing policy evaluation overhead. It formalizes a policy model with data, query context, and ABAC-like semantics, and introduces cost-based guard generation and a clock-based cache replacement with a merge-aware refresh strategy. Empirical evaluations on two DBMSs with real and synthetic datasets show Sieve achieves 2x–10x improvements in static policy evaluation and 6–22% gains from caching under dynamic workloads, confirming its applicability to real-time FGAC in IoT and smart environments.

Abstract

The proliferation of smart technologies and evolving privacy regulations such as the GDPR and CPRA has increased the need to manage fine-grained access control (FGAC) policies in database management systems (DBMSs). Existing approaches to enforcing FGAC policies do not scale to thousands of policies, leading to degraded query performance and reduced system effectiveness. We present Sieve, a middleware for relational DBMSs that combines query rewriting and caching to optimize FGAC policy enforcement. Sieve rewrites a query with guarded expressions that group and filter policies and can efficiently use indexes in the DBMS. It also integrates a caching mechanism with an effective replacement strategy and a refresh mechanism to adapt to dynamic workloads. Experiments on two DBMSs with real and synthetic datasets show that Sieve scales to large datasets and policy corpora, maintaining low query latency and system load and improving policy evaluation performance by between 2x and 10x on workloads with 200 to 1,200 policies. The caching extension further improves query performance by between 6 and 22 percent under dynamic workloads, especially with larger cache sizes. These results highlight Sieve's applicability for real-time access control in smart environments and its support for efficient, scalable management of user preferences and privacy policies.

Paper Structure

This paper contains 38 sections, 3 theorems, 12 equations, 22 figures, 13 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Problem Setting
  3. Smart Campus Case Study
  4. Sieve approach to FGAC
  5. Modeling Policy-Driven Data Processing
  6. Overview of Sieve Approach
  7. Creating Guarded Expressions
  8. Generating Candidate Guards
  9. Selecting Cost Optimal Guards
  10. Caching Approach in Sieve
  11. Replacement Strategy
  12. Refresh Strategy
  13. Implementing Sieve
  14. Persistence of Policies and Guards
  15. Implementing Policy Guarded Expression
  16. ...and 23 more sections

Key Result

Theorem 1

Given two candidate guards ${\tt oc}^{x}_{c}$ = ($attr^{x}_{1}, op^{x}_{1}$, $val^{x}_{1}, op^{x}_{2}, val^{x}_{2}$) $\in {\tt OC}^{x}_{}$, ${\tt oc}^{y}_{c} = (attr^{y}_{1}, op^{y}_{1}, val^{y}_{1}, op^{y}_{2}, val^{y}_{2}) \in {\tt OC}^{y}_{}$ such that $attr^{x}_{1} = attr^{y}_{1}$ and $attr^{x}_

Figures (22)

  • Figure 1: Users and their relationships in a Smart Campus Scenario.
  • Figure 2: FGAC enforcement comparison (a) Traditional FGAC checks all policies per query, causing high execution time (3069ms). (b) Sieve uses query metadata (QM) to fetch only relevant policies and reuses planning via caching, reducing execution to 305ms and planning to 156ms.
  • Figure 3: Guarded Expression size vs. generation time.
  • Figure 4: Caching Mechanism: (a) Cache Replacement Strategy; (b) Cache Refresh Strategy.
  • Figure 5: Guard generation time.
  • ...and 17 more figures

Theorems & Definitions (3)

  • Theorem 1
  • Corollary 1.1
  • Corollary 1.2