Strong and Provably Secure Database Access Control
Marco Guarnieri, Srdjan Marinovic, David Basin

TL;DR
This paper introduces a provably secure database access control mechanism that addresses the limitations of existing SQL access controls, providing strong security guarantees against attacks that exploit advanced database features such as views, triggers, and integrity constraints.
Contribution
It develops a formal security framework and a new access control mechanism that is proven to be secure against realistic attacker models in modern databases.
Findings
Prevents privilege escalation and data leakage attacks.
Provides formal security proofs for the proposed mechanism.
Addresses gaps in theoretical foundations of database security.
Abstract
Existing SQL access control mechanisms are extremely limited. Attackers can leak information and escalate their privileges using advanced database features such as views, triggers, and integrity constraints. This is not merely a problem of vendors lagging behind the state-of-the-art. The theoretical foundations for database security lack adequate security definitions and a realistic attacker model, both of which are needed to evaluate the security of modern databases. We address these issues and present a provably secure access control mechanism that prevents attacks that defeat popular SQL database systems.
