ROW-LEVEL SECURITY IN A RELATIONAL DATABASE MANAGEMENT SYSTEM

US 20070244898A1
Filed: 05/10/2007
Published: 10/18/2007
Est. Priority Date: 09/04/2002
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access to a relational database, comprising:

receiving a user request for data from the database, the request including a request to perform a database operation and a user security label;

determining user security information from the user security label;

retrieving, in response to the user request, rows of data from a table in the database satisfying the database operation, the rows each having a security label;

determining row security information for each of the retrieved rows based on the row'"'"'s security label;

determining, for each retrieved row, whether the user is authorized to access the row based on the user security information and the row security information by determining if the user security information dominates the row security information; and

returning only the rows for which the user is determined to have authorization to access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access control system and access control methods provide multilevel and mandatory access control for a database management system. The access control techniques provide access control at the row level in a relational database table. The database table contains a security label column within which is recorded a security label that is defined within a hierarchical security scheme. A user'"'"'s security label is encoded with security information concerning the user. When a user requests access to a row, a security mechanism compares the user'"'"'s security information with the security information in the row. If the user'"'"'s security dominates the row'"'"'s security, the user is given access to the row.

30 Citations

View as Search Results

40 Claims

1. A method of controlling access to a relational database, comprising:
- receiving a user request for data from the database, the request including a request to perform a database operation and a user security label;
  
  determining user security information from the user security label;
  
  retrieving, in response to the user request, rows of data from a table in the database satisfying the database operation, the rows each having a security label;
  
  determining row security information for each of the retrieved rows based on the row'"'"'s security label;
  
  determining, for each retrieved row, whether the user is authorized to access the row based on the user security information and the row security information by determining if the user security information dominates the row security information; and
  
  returning only the rows for which the user is determined to have authorization to access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 34)
- - 2. The method of claim 1, wherein the request contains one or more queries of one or more tables.
  - 3. The method of claim 1, wherein the table containing the rows of data contains access control information for limiting user access to the database.
  - 4. The method of claim 1, wherein the database operation is a query.
  - 5. The method of claim 1, wherein the database operation involves a row update.
  - 6. The method of claim 1, wherein said determining row security information includes checking a cache for row security information corresponding to the row'"'"'s security label.
  - 7. The method of claim 1, wherein the user security label is one of plurality of security labels arranged in a hierarchy of security levels.
  - 8. The method of claim 7, wherein the user is determined to be authorized to access the retrieved row only if the user security label corresponds to a security level having a greater than or equal degree of access than a security level indicated by the retrieved row'"'"'s security label.
  - 34. The method of claim 1, wherein the user is authorized to modify the row only when the user security information is equal to the row security information.

9. (canceled)

10. An apparatus for use within a database management system having a data manager and a database for determining whether a user is authorized to perform a requested operation on a row of data held within the database, the user being associated with a user security label and the row having a row security label, the apparatus comprising:
- a user security unit having recorded therein a hierarchy of security labels;
  
  a read security unit connected to the user security unit and between the data manager and the database, and configured to return the row from the database to the data manager only if the user security label is located in the hierarchy at a level with privileges that are greater than or equal to privileges for a level in the hierarchy at which the row security label is located.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The apparatus of claim 10, further comprising a write security unit connected to the data security unit and between the data manager and the database, and configured to set the row security label to the same value as the user security label if the requested operation is a row update operation.
  - 13. The apparatus of claim 12, wherein the write security unit is further configured to set the row security label with a level lower than the user security level if the user is authorized to update rows with a lower level security label and if security categories specified for the lower level security label are a proper subset of security categories associated with the user security label.
  - 14. The apparatus of claim 10, wherein the requested operation is submitted in a request from a user that does not contain a view operation.
  - 15. The apparatus of claim 10, wherein a table containing the row of data contains access control information for limiting user access to the database.
  - 16. The apparatus of claim 10, further comprising a cache configured to store security information associated with a cached security label, wherein the read access control unit uses the security information in the cache if the row security label matches the cached security label.

11. (canceled)

17. A program product embodied on a computer readable medium, for controlling access to a relational database, comprising program instructions which when executed cause a computer to:
- receive a user request for data from the database, the request including a request to perform a database operation and a user security label;
  
  determine user security information from the user security label;
  
  retrieve, in response to the user request, rows of data from a table in the database satisfying the database operation, the rows each having a security label;
  
  determine row security information for each of the retrieved rows based on the row'"'"'s security label;
  
  determine, for each retrieved row, whether the user is authorized to access the row based on the user security information and the row security information by determining if the user security information dominates the row security information; and
  
  return only the rows for which the user is determined to have authorization to access.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The program product of claim 17, wherein the request contains one or more queries of one or more tables.
  - 19. The program product of claim 17, wherein the table containing the rows of data contains access control information for limiting user access to the database.
  - 20. The program product of claim 17, wherein the database operation is a query.
  - 21. The program product of claim 17, wherein the database operation involves a row update.
  - 22. The program product of claim 17, wherein said determining row security information includes for checking a cache for row security information corresponding to the row'"'"'s security label.
  - 23. The program product of claim 17, wherein the user security label is one of plurality of security labels arranged in a hierarchy of security levels.
  - 24. The program product of claim 23, wherein the user is determined to be authorized to access the retrieved row only if the user security label corresponds to a security level having greater than or equal degree of access than a security level indicated by the retrieved row'"'"'s security label.

25. (canceled)

26. A method of controlling access to data in at least one row of a database, wherein said at least one row is associated with row-level access control information., the method comprising:
- receiving a request from a user to operate on the database;
  
  applying mandatory access control rules to rows of the database satisfying the request by comparing, for each row of the database satisfying the request, a security level associated with the user with a security level associated with the row; and
  
  returning data from the row if the security level associated with the row is at least a subset of the security level of the user.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The method of claim 26, wherein the request is not a request for a predefined view of the database to limit access to said at least one row of the database.
  - 28. The method of claim 26, wherein the method does not modify the received request to limit access to said at least one row of the database.
  - 29. The method of claim 26, wherein the request is a Structured Query Language (SQL) query.
  - 30. The method of claim 26, wherein the database is comprised of a plurality of tables and the received request includes a request for access to at least one of the plurality of tables.

31. A method of controlling a user'"'"'s access to data in rows of a database, wherein each row is associated with a first access level within an access level hierarchy, and the user is associated with a second access level within the access level hierarchy, wherein each access level is associated with one or more privileges and the access levels are related in a hierarchical manner, the method comprising:
- receiving a request from the user to operate on the database;
  
  determining whether the user is authorized to operate on a row of the database that satisfies the request by determining whether privileges associated with the first access level are included in the privileges associated with the second access level, by determining if the second access level dominates the first access level; and
  
  returning data from the row only if the user is determined to be authorized to operate on the row.
- View Dependent Claims (32, 33)
- - 32. The method of claim 31, wherein the request does not contain a request for a view operation.
  - 33. The method of claim 31, wherein the request does not require a join of a table containing access control information for limiting user access to the database.

35. A method for making a computer implemented process to enable controlling access to a relational database, said method comprising:
- instantiating first computer instructions onto a computer readable medium said first instructions configured to receive a user request for data from the database, the request including a request to perform a database operation and a user security label;
  
  instantiating second computer instructions onto a computer readable medium said second instructions configured to determine user security information from the user security label;
  
  instantiating third computer instructions onto a computer readable medium said third instructions configured to retrieve, in response to the user request, rows of data from a table in the database satisfying the database operation, the rows each having a security label;
  
  instantiating fourth computer instructions onto a computer readable medium said fourth instructions configured to determine row security information for each of the retrieved rows based on the row'"'"'s security label;
  
  instantiating fifth computer instructions onto a computer readable medium said fifth instructions configured to determine, for each retrieved row, whether the user is authorized to access the row based on the user security information and the row security information by determining if the user security information dominates the row security information; and
  
  instantiating sixth computer instructions onto a computer readable medium said sixth instructions configured to return only the rows for which the user is determined to have authorization to access, wherein the user security label is one of a plurality of security labels arranged in a hierarchy of security levels, wherein the user is determined to be authorized to access the retrieved row only if the user security label corresponds to a security level having greater than or equal degree of access than a security level indicated by the retrieved row'"'"'s security label and only if the retrieved row'"'"'s security label corresponds to security categories that are a proper subset of security categories corresponding to the user security label.
- View Dependent Claims (36, 37, 38, 39, 40)
- - 36. The method of claim 35, wherein the request contains one or more queries of one or more tables.
  - 37. The method of claim 35, wherein the table containing the rows of data contains access control information for limiting user access to the database.
  - 38. The method of claim 35, wherein the database operation is a query.
  - 39. The method of claim 35, wherein the database operation involves a row update.
  - 40. The method of claim 35, wherein said computer instructions configured to determine row security information includes computer instructions configured to cause the computer to check a cache for row security information corresponding to the row'"'"'s security label.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Cotner, Curt, Miller, Roger

Granted Patent

US 7,464,080 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/21   Design, administration or m...

G06F 16/284   Relational databases

G06F 21/6227   where protection concerns t...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2145   Inheriting rights or proper...

Y10S 707/954   Relational

Y10S 707/956   Hierarchical

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99934   Query formulation, input pr...

Y10S 707/99935   Query augmenting and refini...

Y10S 707/99939   Privileged access

ROW-LEVEL SECURITY IN A RELATIONAL DATABASE MANAGEMENT SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

ROW-LEVEL SECURITY IN A RELATIONAL DATABASE MANAGEMENT SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links