The present invention generally relates to information technology, and, more particularly, to data disclosure policy enforcement.
Changing existing infrastructure is not a feasible option for enterprises. However, enterprises may need to make their systems compliant with security and privacy requirements from their clients and from legislative bodies. In order to do this and minimize the impact on their systems, a mechanism is needed for determining the exact context under which a query or request is being made by a user. Many, however, have ignored this problem, which has led many to think that making their systems compliant with minimal impact is not possible.
As such, existing approaches do not enforce a security policy while accessing a database by determining a context from a query tagged with context information. Also, existing approaches, for example, describe extending relational databases to allow fine-grained access control either by extending language constructs or by specifying security policies as stored procedures. Such approaches, however, do not articulate the mechanism(s) used to obtain the contextual information from the application layer, but merely assume the problem to be solved.
Principles of the present invention provide techniques for deriving context for data disclosure enforcement. An exemplary method (which may be computer-implemented) for deriving a context for enforcing a data disclosure policy while accessing a database, according to one aspect of the invention, can include steps of receiving a request for database access with meta information, parsing the meta information to identify a context, receiving a user query, formulating a query equivalent to the user query, wherein the equivalent query implements the identified context to enforce a data disclosure policy, and accessing the database with the equivalent query.
At least one embodiment of the invention can be implemented in the form of a computer product including a computer usable medium with computer usable program code for performing the method steps indicated. Furthermore, at least one embodiment of the invention can be implemented in the form of an apparatus including a memory and at least one processor that is coupled to the memory and operative to perform exemplary method steps.
These and other objects, features and advantages of the present invention will become apparent from the following detailed description of illustrative embodiments thereof, which is to be read in connection with the accompanying drawings.
Principles of the present invention include defining a mechanism that allows a user to specify meta-information with an access request, and therefore derive the context that can be used by a database to enforce the relevant access control restrictions and/or policies. Also, principles of the invention include techniques for enforcing security and privacy policies while accessing a database, in which a database query with meta-data is received from a user, the meta-data is parsed to identify a context (for example, application environment) of the database query, and an equivalent policy-compliant query is generated and used to access the database.
Enterprises have significant investment in their existing infrastructure, which is normally built to accomplish their core functions and the subsidiary operations that arose from these functions. Data disclosure controls (that is, security and privacy technology) have been treated as an after-thought for such systems. However, customer concerns and legislative pressure are requiring that enterprises provide (native) controls that protect the information in their repositories. As depicted in
In one or more embodiments of the present invention, disclosure controls can be placed either at the data source or at the interface level, thereby lessening the window of exposure for sensitive information and allowing flexibility, scalability and simplicity in the design and implementation of the database applications. The techniques described herein for integrating security and privacy technology advocate placing the disclosure control at the interface level, where it is advantageous to determine which policy rules should be applied to each request issued. The rules relevant to a particular request can be determined by the system evaluating the context of the situation, wherein context refers to parameters that embody information about the application environment of the request.
However, a major concern for enterprises is the impact of new technology on their production systems. Constraints of new technology can include, for example, that it should have minimal (or no) impact on the performance and storage requirements of the core system(s) and not require (significant) modification to the systems. Therefore, in transforming non-compliant systems into their security and privacy-compliant equivalents, it is desirable to pass context information to a disclosure control system automatically without user intervention (that is, without impacting the enterprise's workflow).
As such, one or more embodiments of the present invention derive context information automatically based on meta information sent by an application. Also, the techniques described herein outline an example scenario using an augmented Hippocratic Database (HDB) Java database connectivity (JDBC) interface.
A privacy policy can include various elements such as, for example, accessor, purpose, recipient, data, etc. Privacy policies can be stored in the disclosure metadata system and used to enforce the privacy constraints and obligations consistent with an enterprise's and clients' requirements. Enforcement of policy is possible when the system can use the context to determine the applicable rules. Context can include, for example, purpose, accessor, application name or some other environmental information.
As described herein, an exemplary implementation of the context derivation component can include using the Hippocratic Database (HDB) driver, which is a wrapper around a JDBC driver. The following steps can be performed to derive the context using the HDB driver. To execute a query, the application needs a connection. It can first get a connection from the database using the HDB driver, by passing a JDBC database uniform resource locator (URL) to the HDB driver.
The JDBC database URL can be of the format JDBC:SubProtocol, where the subprotocol varies from database vendor to vendor. For example, the JDBC URL for DB2 can have the form JDBC:DB2://<Machine_ip:database_port>/<DatabaseName>, and the URL for Oracle can be of the form JDBC:ORACLE:thin:@//<MachineIP:server port>.
Generally, a JDBC URL is configurable and stored outside the application in a configuration file for ease of modification and security reasons. In
Also, application context information can be stored in a table referred to, for example, as the application usage table. This table can have the following format:
Once the HDB connection is returned to the application, the application gets a Java statement object from the connection and uses this statement object to execute the query. Along with the query, meta information is also passed to the context derivation component. To associate privacy semantics with the structured query language (SQL) query, the context derivation component retrieves the purpose from the application usage table using the application ID and accessor. For this scenario, accessor and purpose are collectively referred to as privacy semantics. The SQL query with privacy semantics can be passed to a query interface class, which constructs the XML query graph model (XQGM) representation of the query. This representation, along with the privacy semantics, can be passed to a query rewriter, which extracts the applicable privacy rules from the disclosure metadata store and rewrites the query so that it contains privacy enforcement constructs. This rewritten SQL query can be given to the query interface again, which executes it and returns the result to the application.
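The flow just described (connect through a wrapper driver given a JDBC URL, pass the query together with application ID and accessor, look up the purpose in the application usage table, rewrite the query with the applicable disclosure rules, execute the rewritten query) is illustrated below in an added example. This is not the HDB driver or any code from the patent: the application usage table, the disclosure metadata, the customers schema and the sample rows are all constructed, SQLite stands in for the enterprise database, and a regular expression stands in for the XQGM-based rewriter, so only simple single-table SELECT statements are handled.

```python
"""Added example: a policy-enforcing wrapper around a database connection that derives
context (accessor, purpose) from request meta-information and rewrites the query.
Illustrative code only, not the HDB driver; all tables and sample data are constructed."""
import re
import sqlite3

# Constructed "application usage table": (application_id, accessor) -> purpose.
APPLICATION_USAGE = {
    ("billing-app", "clerk"): "billing",
    ("marketing-app", "analyst"): "marketing",
}

# Constructed disclosure metadata: purpose -> table -> row filter and columns to suppress.
DISCLOSURE_POLICY = {
    "billing": {"customers": {"row_filter": None, "hidden": set()}},
    "marketing": {"customers": {"row_filter": "opt_in = 1", "hidden": {"ssn"}}},
}

# Constructed schema, used to create the sample table and to expand "SELECT *".
TABLE_COLUMNS = {"customers": ["id", "name", "ssn", "opt_in"]}

JDBC_URL_RE = re.compile(r"^jdbc:(?P<subprotocol>[a-z0-9]+):(?P<rest>.+)$", re.IGNORECASE)

SIMPLE_SELECT_RE = re.compile(
    r"^\s*SELECT\s+(?P<cols>.+?)\s+FROM\s+(?P<table>\w+)"
    r"(?:\s+WHERE\s+(?P<where>.+?))?\s*;?\s*$",
    re.IGNORECASE | re.DOTALL,
)


def parse_jdbc_url(url):
    """Split a JDBC URL into its sub-protocol and the trailing database-name segment."""
    m = JDBC_URL_RE.match(url)
    if not m:
        raise ValueError(f"not a JDBC URL: {url!r}")
    return {"subprotocol": m.group("subprotocol").lower(),
            "database": m.group("rest").rsplit("/", 1)[-1]}


def derive_context(application_id, accessor):
    """Look up the purpose for this application/accessor pair; unknown pairs are refused."""
    purpose = APPLICATION_USAGE.get((application_id, accessor))
    if purpose is None:
        raise PermissionError(f"no usage entry for {application_id!r}/{accessor!r}")
    return {"accessor": accessor, "purpose": purpose}


def rewrite_query(sql, context):
    """Produce the policy-compliant equivalent of a simple single-table SELECT."""
    m = SIMPLE_SELECT_RE.match(sql)
    if not m:
        raise ValueError("this example only rewrites simple single-table SELECT statements")
    table = m.group("table").lower()
    rule = DISCLOSURE_POLICY.get(context["purpose"], {}).get(table)
    if rule is None:  # default deny: no rule for this purpose/table means no access
        raise PermissionError(f"purpose {context['purpose']!r} may not read {table!r}")
    cols = [c.strip() for c in m.group("cols").split(",")]
    if cols == ["*"]:
        cols = TABLE_COLUMNS[table]
    # Suppress protected columns while keeping the result shape the application expects.
    select_list = ", ".join(f"NULL AS {c}" if c.lower() in rule["hidden"] else c for c in cols)
    predicates = []
    if m.group("where"):
        predicates.append(f"({m.group('where').strip()})")
    if rule["row_filter"]:
        predicates.append(f"({rule['row_filter']})")  # ANDed, so the caller cannot widen it
    rewritten = f"SELECT {select_list} FROM {table}"
    if predicates:
        rewritten += " WHERE " + " AND ".join(predicates)
    return rewritten


class PolicyEnforcingConnection:
    """Wrapper that accepts the query plus meta-information and runs the rewritten query."""

    def __init__(self, conn):
        self._conn = conn

    def execute(self, sql, application_id, accessor):
        context = derive_context(application_id, accessor)
        return self._conn.execute(rewrite_query(sql, context)).fetchall()


def build_sample_db():
    """In-memory SQLite database holding constructed customer rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, name TEXT, ssn TEXT, opt_in INTEGER)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", [
        (1, "Ann", "111-11-1111", 1),
        (2, "Bob", "222-22-2222", 0),
        (3, "Cy", "333-33-3333", 1),
    ])
    return PolicyEnforcingConnection(conn)


if __name__ == "__main__":
    db = build_sample_db()
    print(parse_jdbc_url("jdbc:db2://10.0.0.5:50000/SALES"))
    print(db.execute("SELECT name, ssn FROM customers", "billing-app", "clerk"))
    print(db.execute("SELECT name, ssn FROM customers", "marketing-app", "analyst"))
```

The same application query yields full rows for the billing purpose and opt-in-only rows with the ssn column blanked for the marketing purpose, without the application changing its SQL; the only new input is the meta-information (application ID and accessor) that accompanies the request. The policy predicate is conjoined with the caller's own WHERE clause, so the caller can only narrow the result, never widen it, and a purpose/table pair with no rule is refused rather than passed through.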
As described herein, one or more embodiments of the invention include automatically deriving the context based on the meta-information provided by the application, as well as automatically deriving the context without any manual intervention of a user. A user can issue an SQL query to access the data, and the context can be derived automatically and the query modified based on the context. The techniques described herein also include a context derivation component that is independent of a database, so it can be used with any database. Also, because it is independent of a database, the component does not require any programming or database-specific knowledge.
Step 408 includes formulating a query equivalent to the user query, wherein the equivalent query implements the identified context to enforce a data disclosure policy. Formulating a query equivalent to the user query can include passing context information to a disclosure control system automatically without user intervention, modifying the request, executing the request and returning at least one result to an application. Formulating a query equivalent to the user query can also include, for example, using the context to retrieve relevant privacy policy rules, modifying the request, executing the request and returning one or more results to an application. Step 410 includes accessing the database with the equivalent query.
The techniques depicted in
A variety of techniques, utilizing dedicated hardware, general purpose processors, software, or a combination of the foregoing may be employed to implement the present invention. At least one embodiment of the invention can be implemented in the form of a computer product including a computer usable medium with computer usable program code for performing the method steps indicated. Furthermore, at least one embodiment of the invention can be implemented in the form of an apparatus including a memory and at least one processor that is coupled to the memory and operative to perform exemplary method steps.
At present, it is believed that the preferred implementation will make substantial use of software running on a general-purpose computer or workstation. With reference to
Accordingly, computer software including instructions or code for performing the methodologies of the invention, as described herein, may be stored in one or more of the associated memory devices (for example, ROM, fixed or removable memory) and, when ready to be utilized, loaded in part or in whole (for example, into RAM) and executed by a CPU. Such software could include, but is not limited to, firmware, resident software, microcode, and the like.
Furthermore, the invention can take the form of a computer program product accessible from a computer-usable or computer-readable medium (for example, media 518) providing program code for use by or in connection with a computer or any instruction execution system. For the purposes of this description, a computer usable or computer readable medium can be any apparatus for use by or in connection with the instruction execution system, apparatus, or device.
The medium can be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium. Examples of a computer-readable medium include a semiconductor or solid-state memory (for example, memory 504), magnetic tape, a removable computer diskette (for example, media 518), a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disk and an optical disk. Current examples of optical disks include compact disk-read only memory (CD-ROM), compact disk-read and/or write (CD-R/W) and DVD.
A data processing system suitable for storing and/or executing program code will include at least one processor 502 coupled directly or indirectly to memory elements 504 through a system bus 510. The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
Input and/or output or I/O devices (including but not limited to keyboards 508, displays 506, pointing devices, and the like) can be coupled to the system either directly (such as via bus 510) or through intervening I/O controllers (omitted for clarity).
Network adapters such as network interface 514 may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks. Modems, cable modem and Ethernet cards are just a few of the currently available types of network adapters.
In any case, it should be understood that the components illustrated herein may be implemented in various forms of hardware, software, or combinations thereof, for example, application specific integrated circuit(s) (ASICs), functional circuitry, one or more appropriately programmed general purpose digital computers with associated memory, and the like. Given the teachings of the invention provided herein, one of ordinary skill in the related art will be able to contemplate other implementations of the components of the invention.
At least one embodiment of the invention may provide one or more beneficial effects, such as, for example, automatically deriving the context without any manual intervention of a user.
Although illustrative embodiments of the present invention have been described herein with reference to the accompanying drawings, it is to be understood that the invention is not limited to those precise embodiments, and that various other changes and modifications may be made by one skilled in the art without departing from the scope or spirit of the invention.