Security Mechanisms Planning to Enforce Security Policies

This paper presents an approach allowing for a given security and utility requirements, the selection of a combination of mechanisms and the way it will be applied to enforce them. To achieve this goal, we firstly use an expressive formal language to specify the security and utility properties required by data owners and the security mechanisms that can be used to enforce them. Second, we extend and use a Graphplan-based approach to build a planning graph representing all possible transformations of the system resulting from the application of security mechanisms. Finally, we define a method to search the best security mechanisms execution plan to transform the used system from its initial state to a state in which the security requirements are enforced.

[1]  David Gross-Amblard,et al.  Query-preserving watermarking of relational databases and XML documents , 2003, PODS '03.

[2]  Sushil Jajodia,et al.  Fragmentation and Encryption to Enforce Privacy in Data Storage , 2007, ESORICS.

[3]  Charles Gretton,et al.  CO-PLAN : Combining SAT-Based Planning with Forward-Search , 2008 .

[4]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[5]  Richard Fikes,et al.  STRIPS: A New Approach to the Application of Theorem Proving to Problem Solving , 1971, IJCAI.

[6]  Bart Selman,et al.  Pushing the Envelope: Planning, Propositional Logic and Stochastic Search , 1996, AAAI/IAAI, Vol. 2.

[7]  Nora Cuppens-Boulahia,et al.  Confidentiality-Preserving Query Execution of Fragmented Outsourced Data , 2013, ICT-EurAsia.

[8]  C. Mellish IJCAI-95 : proceedings of the Fourteenth International Joint Conference on Artificial Intelligence, Montréal, Québec, Canada, August 20-25, 1995 , 1995 .

[9]  Rik Van de Walle,et al.  End-To-End Security for Video Distribution: The Combination of Encryption, Watermarking, and Video Adaptation , 2013, IEEE Signal Process. Mag..

[10]  I-Ling Yen,et al.  Security analysis for order preserving encryption schemes , 2012, 2012 46th Annual Conference on Information Sciences and Systems (CISS).

[11]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[12]  Nora Cuppens-Boulahia,et al.  Preserving Multi-relational Outsourced Databases Confidentiality using Fragmentation and Encryption , 2013, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[13]  Saharon Shelah,et al.  On the temporal analysis of fairness , 1980, POPL '80.

[14]  Adnan Darwiche,et al.  RSat 2.0: SAT Solver Description , 2006 .

[15]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[16]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[17]  Gene Tsudik,et al.  DSAC: An Approach to Ensure Integrity of Outsourced Databases using Signature Aggregation and Chaining , 2005, IACR Cryptol. ePrint Arch..

[18]  Nathan Chenette,et al.  Order-Preserving Symmetric Encryption , 2009, IACR Cryptol. ePrint Arch..

[19]  Gene Tsudik,et al.  Authentication and integrity in outsourced databases , 2006, TOS.

[20]  Avrim Blum,et al.  Fast Planning Through Planning Graph Analysis , 1995, IJCAI.

[21]  Nora Cuppens-Boulahia,et al.  Specification and deployment of integrated Security Policy for Outsourced Data. (Expression et déploiement de politiques de sécurité intégrés pour données externalisées) , 2015 .

[22]  Andreas Schaad,et al.  Optimized and controlled provisioning of encrypted outsourced data , 2014, SACMAT '14.