Databases can be divided into a logical view that is seen by the user
and the physical tables (T1, T2, T3) distributed over the network.
T1: {A1, A2}
T2: {Aa, Ab, Ac}
T3: {Ay, Az}
View: {A1, A2, Ab, Ac} ( V = join T1, T2 using A1 and Ab )
View = f(T1, T2, T3) Schema = {attributes, R}
Pview = (u, attributes, R, X) X =actions/accesses
|
V
Ptable1 = (u1, attributes1, R1, X1, host/tables schema)
Prob 1: How to map from policy Pview into several policies {Ptable}?
Prob 2: How to aggregate audit logs @ T1, T2, T3 into log of Tview?
Measures: efficiency? timeliness?
accuracy? how to measure?
- false positive
- false negative