A fine-grained access control model for relational databases

Fine-grained access control (FGAC) must be supported by relational databases to satisfy the requirements of privacy preserving and Internet-based applications. Though much work on FGAC models has been conducted, there are still a number of ongoing problems. We propose a new FGAC model which supports the specification of open access control policies as well as closed access control policies in relational databases. The negative authorization is supported, which allows the security administrator to specify what data should not be accessed by certain users. Moreover, multiple policies defined to regulate user access together are also supported. The definition and combination algorithm of multiple policies are thus provided. Finally, we implement the proposed FGAC model as a component of the database management system (DBMS) and evaluate its performance. The performance results show that the proposed model is feasible.