Policy Assurance in Database Systems

Jose Hiram Soltren, jsoltren@csail.mit.edu

About Me

• MIT M. Eng student, Course 6.2 (EE+CS) undergrad
• Originally from Brooklyn, NY, now looking to move to California
• Interests: Security, Systems, Social networking
• Took 6.805, wrote about Facebook
• Other interests: Electronics, Bicycling, Machining, Eating

About The Project

• Policy Assurance: making sure that we are playing by the rules.
• Different rules for different systems, regulating access control, use of data, permissions.
• More general than ACLs, allowing us to encode abstract concepts.
• Uses logical reasoning to show (prove!) that rules are being followed or broken.
• Allows us to demonstrate compliance while revealing less information
• Great for secured databases
• Recommendations, not strict access control (yet).

Goals and Timeline

• February: Define sample scenario. Have sample queries working. Write policies in AIR, and queries in RDF using SPASQL/SPARQL.
• March: Create an abstraction for these SPARQL queries, and provide a meta level that removes dependence on the data structure.
• April: Move from using SPARQL to using SQL directly, either by converting SQL directly to RDF, or to SPARQL and then RDF.
• May: Make everything work together nicely. Demonstrate more functionality. Give MasterWorks presentation and write thesis. Document everything for posterity.
• June: Graduate!

Challenges

• How do we convert arbitrary SQL queries to SPARQL/RDF?
• How do we encode abstract policies in a way conducive to reasoning?
• How can we tie this in with an existing database in production?
• etc.

Questions?

Let me know!