A View with Mask for Cell-Level Data Access Control

S. Fujiwara (Japan)


Keywords: Database security, Privacy control, Query rewrite.


Fine-grained data access control has become a critical issue for information systems. For example, a healthcare information system must strictly protect patient information: a physician should not see private information about any patients except for his/her own. However, he/she may still need statistical information, such as the average length of stay or the typical clinical pathway for each diagnosis, in order to improve the quality of service for all patients. Current database systems implement data access control through view definitions, which do not provide cell-level access control for ad-hoc queries. Since the view definition is applied before the query is executed, an ad-hoc query that aggregates over access-controlled columns yields different results for each user. In this paper, we propose an extension of the view, called a view with mask, in which a mask condition and a mask value can be defined for each column and are applied to the result of query execution rather than to its input. We also provide query rewrite algorithms to implement a view with mask. A view with mask preserves a security level called inference-freeness against coloring: if a relation is inference-free against coloring, then the result of a query over it is also inference-free against coloring.
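As an added illustration (not the paper's own algorithm or code), the following Python/sqlite3 sketch contrasts a conventional row-level view, whose predicate is applied before aggregation, with a simplified view with mask that runs the query over the whole relation and masks cells of the result afterwards. The patient table, the mask on the `name` column and the rewrite are constructed assumptions.

```python
import sqlite3

# Constructed sample data over a hypothetical schema (not from the paper).
PATIENTS = [
    (1, "Alice", "pneumonia", 5, "dr_kim"),
    (2, "Bob", "pneumonia", 7, "dr_lee"),
    (3, "Carol", "fracture", 3, "dr_kim"),
    (4, "Dave", "fracture", 9, "dr_lee"),
]

# Assumed mask definition for the patient relation: column -> (condition, value).
# A cell is replaced by the mask value when the condition holds for its row;
# the condition may refer to the querying user via the :user parameter.
MASK = {"name": ("physician <> :user", "***")}

def open_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE patient(id INTEGER, name TEXT, diagnosis TEXT, "
                "stay_days INTEGER, physician TEXT)")
    con.executemany("INSERT INTO patient VALUES (?, ?, ?, ?, ?)", PATIENTS)
    return con

def conventional_view_avg(con, user):
    """Row-level view: the filter runs BEFORE the aggregate, so each user
    gets an average computed only over his/her own patients."""
    return con.execute(
        "SELECT diagnosis, AVG(stay_days) FROM patient WHERE physician = :user "
        "GROUP BY diagnosis ORDER BY diagnosis", {"user": user}).fetchall()

def masked_avg(con):
    """View with mask: stay_days carries no mask, so the aggregate is computed
    over every patient and is identical for all users."""
    return con.execute("SELECT diagnosis, AVG(stay_days) FROM patient "
                       "GROUP BY diagnosis ORDER BY diagnosis").fetchall()

def masked_rows(con, user, cols):
    """Simplified rewrite for a projection: add one flag column per masked
    column, execute over the full relation, then mask cells of the result."""
    flags = [f"({cond}) AS m_{c}" for c, (cond, _) in MASK.items() if c in cols]
    sql = f"SELECT {', '.join(cols + flags)} FROM patient ORDER BY id"
    cur = con.execute(sql, {"user": user})
    names = [d[0] for d in cur.description]
    out = []
    for row in cur.fetchall():
        rec = dict(zip(names, row))
        # Replace a cell with the mask value only when its row-level flag is set.
        out.append(tuple(MASK[c][1] if rec.get(f"m_{c}") else rec[c] for c in cols))
    return out
```

The conventional view returns a different average per physician, while the masked view returns the same averages for everyone and hides only the individual names of other physicians' patients.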
