An Authorization Model and Implementation for Vector Data in Spatial DBMS

Spatial DBMS and its applications have become more and more popular today. It makes our daily life more convenient and comfortable, but it also brings serious threats to security and privacy. Most applications require a fine-granularity flexible access control model which supports negative authorization; meanwhile, they also require an authorization implementation with high performance. According to the security requirements of the applications of vector data in spatial DBMS, a predicate-based access control model(PBAC) is presented, and predicate rewrite technique is adopted to implement the authorization model in spatial DBMS. Compared with the existing works, in our model, spatial predicate is adopted to specify the authorized objects which improves the flexibility of expression, and negative authorizations are also supported; in our implementation, predicate rewrite technique is used which not only avoids an additional spatial query in authorization enforcement but also assures the low coupling degree between implementations of vector datas authorization and spatial DBMS and the convenience of eliminating spatial predicate redundancies. Experiments results show that our method could satisfy the security requirements and realize the effective authorization of vector data in spatial DBMS.