A lattice-theoretic model for relational database security

Abstract

It is often the case that a major concern with databases is security. In this paper we introduce a new model for database security. The basic idea of this new model is that answers to queries are based on equivalent data values and not on individual datum values. Sets of data are divided into equivalence classes, and queries are answered with respect to these equivalence classes and not with respect to the individual datum. Different users may be assigned different equivalence classes through which they can view and access the data, and thus our model has user views. Our user views serve the same purpose as the more commonly defined user views though ours are defined differently. A set of equivalence classes on a data set forms a partition, and thus our model uses partitions though in a different manner than is common in database security. In our model the elements of a partition are used to answer queries; they are not used to restrict the domain of the query. Since the collection of all partitions on a set has nice mathematical properties, collections of user views also have many nice mathematical properties. For example, we can often compare user views; and if two views are not comparable, we can find a best unifying view which is comparable with the other two.