Fine-Grained Data Security in Virtual Organizations

Controlling the access to data based on user credentials is a fundamental part of database management systems. In most cases, the level at which information is controlled extends only to a certain level of granularity. In some scenarios, however, there is a requirement to control access at a more granular way allowing the users to see only the data they are supposed to see in a database table. Fine-grained access control (FGAC) provides row-level security capabilities to secure information stored in modern relational database management systems. In case of creating the virtual networking infrastructure of virtual organizations, the security of the data stored in database management systems is a very important issue. Several models have been proposed by research community and database vendors for specifying and enforcing row-level access control at the database layer. This article reviews the most important facts of some significant FGAC models and current implementations of such in two commercial database management systems. We describe a novel concept of implementing FGAC in SQL Server 2005, which resembles Oracle 10g database management system’s FGAC solution virtual private databases (VPD).