Secure normal forms
First Claim
1. A computer-implemented method comprising:
- at a database server, receiving from a client a query requesting data that is stored at least in part in a particular column of a table in a database managed by the database server;
- wherein the database includes a security policy that is defined for the particular column of one or more particular rows stored in the table;
- at the database server, processing the query and retrieving a set of rows from the database, wherein each row of the set of rows includes the particular column of the table;
- after retrieving the set of rows and before sending a result set of rows to the client, at the database server modifying the set of rows into the result set of rows by applying the security policy to said each row of the set of rows, wherein applying the security policy to said each row comprises:
  - determining whether the security policy is satisfied for the particular column of said each row;
  - replacing, in the result set of rows, a data value in the particular column of said each row with a security-NULL value when the security policy is not satisfied for the particular column of said each row; and
  - including the data value in the particular column of said each row into the result set of rows when the security policy is satisfied for the particular column of said each row; and
- wherein both invoking the security policy and the step of replacing are not a result of rewriting the query;
- after modifying the set of rows into the result set of rows, at the database server returning the result set of rows to the client;
- wherein the method is performed by one or more computing devices.
Abstract
Techniques for implementing secure normal forms are provided. In one embodiment, in response to a request for data from a client, a database server is operable to enforce a column-level security policy that is defined for a particular column of some, but not necessarily all, rows of a table stored in a database. After retrieving a set of rows from the table and before returning a result set of rows to the client, the database server modifies the retrieved set of rows into the result set of rows by applying the security policy to each row of the retrieved set of rows, where applying the security policy to a row comprises: determining whether the security policy is satisfied for the particular column of that row; replacing, in the result set of rows, a data value in the particular column of that row with a security-NULL value when the security policy is not satisfied; and including the data value in the particular column of that row into the result set of rows when the security policy is satisfied. After generating the result set of rows, the database server returns the result set of rows to the client.
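The flow described in the abstract can be sketched as follows. This is an added example, not code from the patent or any database product: Python's `sqlite3` stands in for the database server, and the `emp` table, `salary_policy`, the `session` role and the `SecurityNull` class are all constructed assumptions. It also assumes the columns the policy reads are in the select list.

```python
import sqlite3

class SecurityNull:
    """Marker for 'value withheld by policy', distinct from SQL NULL (None)."""
    def __repr__(self):
        return "SECURITY_NULL"

SECURITY_NULL = SecurityNull()

def salary_policy(row, session):
    """Constructed policy: defined only for rows where dept == 'exec'.
    Returns None where no policy applies, else True/False for satisfied."""
    if row["dept"] != "exec":
        return None
    return session["role"] == "hr"

# column name -> policy function (hypothetical registry)
POLICIES = {"salary": salary_policy}

def run_query(conn, sql, params, session):
    # The query text is executed exactly as received: no predicate or
    # CASE expression is injected, i.e. no query rewriting.
    cur = conn.execute(sql, params)
    cols = [d[0] for d in cur.description]
    result = []
    for raw in cur.fetchall():
        row = dict(zip(cols, raw))   # retrieved row, as stored
        out = dict(row)              # row that goes into the result set
        for col, policy in POLICIES.items():
            # Replace only when a policy is defined for this row and fails.
            if col in row and policy(row, session) is False:
                out[col] = SECURITY_NULL
        result.append(out)
    return result

def demo(role):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE emp (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany(
        "INSERT INTO emp VALUES (?, ?, ?)",
        [("ann", "exec", 300), ("bob", "eng", 120), ("cy", "exec", None)],
    )
    sql = "SELECT name, dept, salary FROM emp ORDER BY name"
    return run_query(conn, sql, (), {"role": role})

if __name__ == "__main__":
    for role in ("eng", "hr"):
        print(role, demo(role))
```

For the `eng` role the client can tell `bob`'s visible salary from `ann`'s withheld one, and for the `hr` role `cy`'s salary comes back as an ordinary NULL, which is the distinction the security-NULL value exists to preserve.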
22 Claims
1. Independent method claim, reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 21.
11. A computer-readable storage medium storing one or more sequences of instructions which, when executed by one or more processors, cause a database server to perform:
- receiving from a client a query requesting data that is stored at least in part in a particular column of a table in a database managed by the database server;
- wherein the database includes a security policy that is defined for the particular column of one or more particular rows stored in the table;
- processing the query and retrieving a set of rows from the database, wherein each row of the set of rows includes the particular column of the table;
- after retrieving the set of rows and before sending a result set of rows to the client, modifying the set of rows into the result set of rows by applying the security policy to said each row of the set of rows, wherein applying the security policy to said each row comprises:
  - determining whether the security policy is satisfied for the particular column of said each row;
  - replacing, in the result set of rows, a data value in the particular column of said each row with a security-NULL value when the security policy is not satisfied for the particular column of said each row; and
  - including the data value in the particular column of said each row into the result set of rows when the security policy is satisfied for the particular column of said each row; and
- wherein both invoking the security policy and the step of replacing are not a result of rewriting the query;
- after modifying the set of rows into the result set of rows, returning the result set of rows to the client.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 22.
Specification