Enhancing and simplifying data security and privacy for multitiered applications

While databases provide capabilities to enforce security and privacy policies, two major issues still prevent applications from safely delegating such policies to the database. The first one is the loss of user identity in multitiered environments which renders the database security features of little to no value. The second issue is the unsafe coexistence between the security capabilities and fundamental database tenets which creates data leakage vulnerabilities. This paper proposes extensions to database systems to allow applications, such as those used in managing the operations of energy clouds, to safely delegate the security and privacy policies to the database. This delegation reduces complexity for applications and improves overall data security and privacy. Our performance evaluation shows that almost all the TPC-H queries perform the same or better when the security policy is enforced by the database. For the set of queries that performed better, the improvement observed ranges from 8 to 68%.