Efficiently Supporting Attribute-Based Access Control in Relational Databases

While Attribute-Based Access Control (ABAC) is increasingly becoming popular as a topic of research, it is yet to get traction in real applications. One of the reasons for this gap is that unlike Role-Based Access Control, which got support both from the software developers as well as the database community, ABAC is still not supported in relational databases. In this paper, we propose a comprehensive extension to SQL for attribute-based access control in relational databases covering all kinds of database objects like tables, views, stored procedures and triggers. The different types of ABAC attributes including subject, object as well as environmental attributes, are also supported in the proposed SQL extension. Further, we show how such an ABAC extension can be embedded in one of the most popular open source relational databases, namely MySQL. Towards this, we appropriately augment the source code of MySQL with an efficient method for ABAC policy enforcement. The ABAC augmented MySQL source code is being shared for reproducibility of our results, and also for any potential user to install this version and work with it. Findings from an extensive set of experiments establish the feasibility of our approach.