Privacy Preserving Secure Decomposition Algorithm for Attribute Based Access Control Mechanism
Traditional database access control mechanisms are role based, typically with row based and attribute based constraints, and privacy is achieved mainly through views. However, if only a set of views is made accessible to users according to some policy, that set must be checked against the policy for every probable query history. Furthermore, this method can itself create a security leak: if the view structure is formed incorrectly, users may become aware of the existence of inaccessible parts of the database, such as rows, columns or tables. The aim of this work is to define a privacy preserving secure decomposition algorithm based on attribute based policy rules and to build an external layer that decomposes the relations into several relations in order to inhibit joins or inferences that may violate predefined privacy constraints. The decomposition presented here can easily be combined with row based constraints. We prove that our decomposition technique generates a schema that complies with the given privacy policy constraints. In addition, the decomposed schema is maximal in the sense that it allows all probable queries that do not violate the privacy policy.
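The two properties the abstract claims for the decomposition, compliance and maximality, can be checked mechanically. The following is an added illustration, not the paper's algorithm: it models each attribute based privacy constraint as a set of attributes that must never be visible together, decomposes a constructed patient relation into constraint-free fragments, and verifies that no fragment leaks a constrained combination while every permitted projection is still answerable. The schema, constraints and the assumption that fragments share no join key are constructed for this example.

```python
from itertools import combinations

# Constructed example (not from the paper): a patient relation and attribute based
# privacy constraints, each a set of attributes that must never be visible together.
ATTRIBUTES = {"ssn", "name", "dob", "zip", "diagnosis", "treatment"}
CONSTRAINTS = [frozenset({"name", "diagnosis"}),
               frozenset({"ssn", "diagnosis"}),
               frozenset({"dob", "zip", "diagnosis"})]

def violates(attrs, constraints):
    """True if the attribute set exposes every attribute of some constraint."""
    attrs = frozenset(attrs)
    return any(c <= attrs for c in constraints)

def decompose(attributes, constraints):
    """Return every inclusion-maximal constraint-free attribute set as one fragment.
    Assumes fragments share no join key (exhaustive search; fine for small schemas)."""
    attrs = sorted(attributes)
    fragments = []
    for size in range(len(attrs), 0, -1):          # largest candidates first
        for combo in combinations(attrs, size):
            cand = frozenset(combo)
            if violates(cand, constraints):
                continue
            if any(cand < f for f in fragments):   # covered by a larger fragment
                continue
            fragments.append(cand)
    return set(fragments)

def permitted(query_attrs, constraints):
    """A query complies with the policy iff its projection violates no constraint."""
    return not violates(query_attrs, constraints)

def answerable(query_attrs, fragments):
    """Without cross-fragment joins, a query needs one fragment holding all its attributes."""
    q = frozenset(query_attrs)
    return any(q <= f for f in fragments)

def complies(fragments, constraints):
    """Compliance: no single fragment leaks a constrained attribute combination."""
    return all(not violates(f, constraints) for f in fragments)

def is_maximal(attributes, fragments, constraints):
    """Maximality: every permitted projection over the schema is answerable."""
    return all(answerable(q, fragments)
               for size in range(1, len(attributes) + 1)
               for q in combinations(sorted(attributes), size)
               if permitted(q, constraints))
```

A decomposition that keeps `diagnosis` only beside `treatment` still complies but fails `is_maximal`, because the permitted projection `{dob, diagnosis}` can no longer be answered.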