\chapter{Concluding Thoughts}

The problem of policy assurance is one of transparency, accountability, and correctness. The classic approach to sensitive security issues has always been a very black-and-white ``all or none'': either data is visible, or it is restricted. In a modern and interdisciplinary world, adding more shades of gray to the possibilities for security is increasingly important. The security approach that we describe in this thesis does not simply ask \emph{who} a user is, but also \emph{what} they are trying to see. At present, SQL database security operates at the level of a table. At best, we can grant or deny access to particular rows and columns of a table, but the limitation is still a table: a flat, two-dimensional structure.

The Semantic Web works with data that comes, not in table form, but in graph form. The Semantic Web is built on top of the Web, with its myriad of interconnected links. By using Semantic Web technologies, we can begin to define policies that act not simply on tables, but on a more complex, more abstract data set. Furthermore, we can define policies that are as fine-grained as individual terms in a query.

By looking at queries, this project takes a different approach than other database security initiatives. This system can operate completely externally to a database, or function as an addition. It can protect sensitive data contained in user queries by design. It provides a human- and machine-readable ``paper trail'' that gives more explicit information about policies to users and auditors, while allowing enough freedom for administrators to easily create interesting policies. This design gives a performance benefit: by looking at queries and not results, the system can save a heavily loaded database server from executing queries that are not compliant, which would otherwise waste valuable cycles.

Our approach is particularly valuable in multi-tiered environments containing highly sensitive data, where different parties have different access privileges and different access needs. This approach reduces the information in a log to only what is strictly needed to verify a particular assertion. This improves usability and reduces the risk of data leakage, by showing an auditor everything they need to see, and nothing they don't. This is a boon, as it allows even more levels of access, potentially enabling new workflows.

The specific approach of this project was to check query patterns. We converted SPARQL queries to the N3 language, and provided a tool for doing so. We wrote policies in the AIR language, and provided tools to help an administrator write their own policies according to our boilerplate. We provided a way to check the queries against the policies, using the Firefox Web browser. The system achieves the goals of usability and scalability.

Of course, this system is not without its limitations. The current implementation scales reasonably well for hundreds or thousands of entities, but not for millions of entities. Some important future work will add needed performance and usability improvements.

It is our hope that this system will eventually see use in production, and will grow over time. The author can only begin to imagine the possibilities for this system.

\begin{quote}
``Share and enjoy.''

--Douglas Adams, \emph{The Hitchhiker's Guide to the Galaxy}
\end{quote}

% Don't forget to run bibtex, too!
% pdflatex main.tex && bibtex main && pdflatex main.tex && pdflatex main.tex