While databases provide capabilities to enforce security and privacy policies, two major issues still prevent applications from safely delegating such policies to the database. The first one is the loss of user identity in multitiered environments which renders the database security features of little to no value. The second issue is the unsafe coexistence between the security capabilities and fundamental database tenets which creates data leakage vulnerabilities. This paper proposes extensions to database systems to allow applications, such as those used in managing the operations of energy clouds, to safely delegate the security and privacy policies to the database. This delegation reduces complexity for applications and improves overall data security and privacy. Our performance evaluation shows that almost all the TPC-H queries perform the same or better when the security policy is enforced by the database. For the set of queries that performed better, the improvement observed ranges from 8 to 68%.

尽管数据库提供了强制执行安全和隐私策略的功能，但是两个主要问题仍然阻止应用程序将此类策略安全地委派给数据库。第一个是多层环境中用户身份的丢失，这使数据库安全功能几乎没有价值。第二个问题是安全功能和基本数据库原则之间的不安全共存，这会造成数据泄漏漏洞。本文提出了对数据库系统的扩展，以允许应用程序（例如用于管理能量云的操作的应用程序）安全地将安全性和隐私策略委派给数据库。该委派降低了应用程序的复杂性，并提高了整体数据安全性和隐私性。我们的性能评估表明，当数据库实施安全策略时，几乎所有TPC-H查询的性能都相同或更好。对于性能更好的一组查询，观察到的改进范围为8％到68％。