Designing a SQL query rewriter to enforce database Row Level Security
Author(s)
Zhang, Xiao Meng, M. Eng Massachusetts Institute of Technology
Other Contributors
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
Advisor
Samuel R. Madden.
Abstract
This thesis presents the design and implementation of Row Level Security, a fine-grained access control mechanism built on top of a database-agnostic data sharing platform called DataHub. Existing access control mechanisms for database systems are typically coarse-grained, in the sense that users are either given access to an entire database table or nothing at all. This is problematic with the rise in popularity of data sharing, where users want to share subsets of data in a table with others, rather than the entire table. Row Level Security addresses this problem by allowing users to create security policies that define subsets of data others are able to access, and enforces security policies through a query rewrite mechanism. This work presents Row Level Security, as well as an evaluation of its performance overhead costs and ease of use.
Description
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2016. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (pages 73-74).
Date issued
2016
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Publisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.