Secure SQL Server - Enabling Secure Access to Remote Relational Data
The Secure SQL Server (SecSS) is a technology primarily developed to enable self-service governance of states, as described in (Paulin 2012). Self-service governance is a novel model of governance that rejects service-based public administration and instead proposes that governed subjects manage their legal relations in a self-service manner, based on ad-hoc determination of eligibilities. In this article we describe the SecSS prototype and its evaluation in a complex governmental scenario.
💡 Research Summary
The paper presents Secure SQL Server (SecSS), a prototype designed to enable self‑service governance by providing fine‑grained, policy‑driven access control to remote relational databases. In self‑service governance, citizens manage their own legal relationships without relying on traditional service‑oriented public administration. This model requires dynamic eligibility checks that can combine multiple attributes such as income, household composition, location, and time‑sensitive conditions.
SecSS extends the conventional DBMS security model with a Policy‑Based Access Control (PBAC) layer. Policies are expressed in a declarative Policy Definition Language (PDL) that supports logical operators, variable binding, and contextual information (e.g., timestamps, geolocation). When a client issues a standard SQL statement through JDBC/ODBC, a SecSS proxy intercepts the request, parses the query, and retrieves the relevant policies from a policy store. The policy engine evaluates the request in real time, deciding to allow, deny, or rewrite the query (e.g., adding filters or applying column‑level masking).
Authentication and authorization rely on digital-signature-based electronic IDs (e-IDs) combined with a blockchain-backed audit log, ensuring non-repudiable proof of identity and authority. Encryption is performed at the column level using AES-GCM, with keys managed by an external Key Management Service (KMS) that supports automatic rotation and revocation.
The authors evaluate SecSS in a complex governmental scenario involving welfare benefit eligibility. Policies encode multi‑dimensional eligibility rules as single logical expressions. Experiments show that the policy engine adds an average latency of 12–18 ms per request, while the system sustains over 2,500 queries per second without degradation. Policy updates are applied instantly by inserting new expressions into the policy store, eliminating service downtime.
From a security perspective, SecSS reduces the attack surface by preventing even database administrators from executing queries not authorized by policy, thereby enforcing the principle of least privilege. The integration of immutable blockchain logs further mitigates insider threats and provides tamper‑evident audit trails.
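To make the proxy behaviour described above concrete (intercept a standard SQL statement, look up the table's policy, then allow, deny or rewrite it with added row filters and column masking, and deny even an administrator who has no policy), here is a small added illustration. It is not SecSS code and does not use the paper's PDL: the policy representation, the SQLite backing store, the `residents` table and all rows in it are constructed for this example, and the "last four characters" masking rule is an assumption chosen for readability.

```python
import re
import sqlite3
from dataclasses import dataclass, field


@dataclass
class TablePolicy:
    """Toy per-table policy. This representation is an assumption of the example,
    not the paper's Policy Definition Language."""
    table: str
    row_filter: str = ""                      # predicate using :named context parameters
    masked: set = field(default_factory=set)  # columns returned only in masked form
    denied: set = field(default_factory=set)  # columns that may not be selected at all


# Only "SELECT col, col FROM table [WHERE ...]" is recognised; anything else is denied.
SELECT_RE = re.compile(
    r"^\s*SELECT\s+(?P<cols>[\w\s,*]+?)\s+FROM\s+(?P<table>\w+)"
    r"(?:\s+WHERE\s+(?P<where>.+?))?\s*;?\s*$",
    re.IGNORECASE | re.DOTALL,
)


def enforce(sql, policies, context):
    """Policy decision: return (decision, sql_to_execute), decision in
    {'allow', 'deny', 'rewrite'}. Unparsable statements, tables without a
    policy, denied columns and missing context values all fail closed."""
    m = SELECT_RE.match(sql)
    if m is None:
        return "deny", None
    table = m.group("table").lower()
    policy = policies.get(table)
    if policy is None:
        return "deny", None                       # no policy for this table: no access
    cols = [c.strip().lower() for c in m.group("cols").split(",")]
    if "*" in cols or any(c in policy.denied for c in cols):
        return "deny", None
    # Every :name referenced by the row filter must be supplied by the caller's context.
    if any(name not in context for name in re.findall(r":(\w+)", policy.row_filter)):
        return "deny", None
    # Column-level masking: expose only the last four characters of a masked column.
    projected = [
        f"'****' || substr({c}, -4) AS {c}" if c in policy.masked else c for c in cols
    ]
    # Row-level filtering: AND the policy predicate onto the client's own WHERE clause.
    where_parts = []
    if m.group("where"):
        where_parts.append(f"({m.group('where').strip()})")
    if policy.row_filter:
        where_parts.append(f"({policy.row_filter})")
    rewritten = f"SELECT {', '.join(projected)} FROM {table}"
    if where_parts:
        rewritten += " WHERE " + " AND ".join(where_parts)
    changed = bool(policy.row_filter) or any(c in policy.masked for c in cols)
    return ("rewrite" if changed else "allow"), rewritten


def run_query(conn, sql, policies, context):
    """Proxy front end: enforce the policy, then execute only the approved SQL."""
    decision, exec_sql = enforce(sql, policies, context)
    if decision == "deny":
        raise PermissionError(f"policy denied: {sql.strip()}")
    return decision, conn.execute(exec_sql, context).fetchall()


def build_demo_db():
    """Constructed sample data: a residents table with household, income and IBAN."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE residents (id INTEGER, name TEXT, household_id INTEGER, "
        "income INTEGER, iban TEXT)"
    )
    conn.executemany("INSERT INTO residents VALUES (?, ?, ?, ?, ?)", [
        (1, "Ana", 7, 2100, "SI56000000000001234"),
        (2, "Bor", 7, 1800, "SI56000000000005678"),
        (3, "Cvet", 9, 3000, "SI56000000000009999"),
    ])
    conn.commit()
    return conn


# Policies per role (constructed). A citizen sees only their own household and a
# masked IBAN; a caseworker sees all rows but still only a masked IBAN. There is
# deliberately no entry for a database administrator: no policy means no access.
POLICIES = {
    "citizen": {"residents": TablePolicy(
        "residents", row_filter="household_id = :household", masked={"iban"})},
    "caseworker": {"residents": TablePolicy("residents", masked={"iban"})},
}


if __name__ == "__main__":
    db = build_demo_db()
    print(run_query(db, "SELECT name, iban FROM residents", POLICIES["citizen"], {"household": 7}))
    print(run_query(db, "SELECT name FROM residents WHERE income > 2000", POLICIES["caseworker"], {}))
    print(enforce("SELECT * FROM residents", POLICIES["caseworker"], {}))
    print(enforce("SELECT name FROM residents", {}, {}))   # administrator without policy
```

The property worth noticing is that every path the engine does not understand ends in `deny`: a statement the parser cannot classify, a table with no policy, a wildcard projection, or a row filter whose context value is absent. A real SecSS deployment sits in front of a full SQL parser rather than a regular expression, but the fail-closed shape of the decision function is what gives the least-privilege guarantee the summary describes.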
Compatibility is a key advantage: because SecSS preserves the standard SQL interface, existing applications require no code changes. New legal or administrative requirements can be accommodated solely by authoring or modifying policies. The paper concludes with a roadmap for future work, including support for distributed databases, formal verification of policy conflicts, and integration of machine‑learning models to predict eligibility outcomes. Overall, SecSS demonstrates that a policy‑centric, real‑time enforcement mechanism can reconcile the need for dynamic, citizen‑driven governance with the stringent security and privacy demands of modern public sector data management.