Access control and inference problem in data integration systems

In this thesis we are interested in controlling access to a data integration system. In a data integration system, a mediator is defined; this mediator aims at providing a unique entry point to several heterogeneous sources. In this kind of architecture, security aspects, and access control in particular, represent a major challenge. Indeed, every source, designed independently of the others, defines its own access control policy. The problem is then: "How to define a representative policy at the mediator level that preserves the sources' policies?" Preserving the sources' policies means that an access prohibited at the source level should also be prohibited at the mediator level. Also, the policy of the mediator needs to protect data against indirect accesses. An indirect access occurs when one could synthesize sensitive information from the combination of non-sensitive information and semantic constraints. Detecting all indirect accesses in a given system is referred to as the inference problem. In this manuscript, we propose an incremental methodology able to tackle the inference problem in a data integration context. This methodology has three phases. The first phase, the propagation phase, combines source policies and therefore generates a preliminary policy at the mediator level. The second phase, the detection phase, characterizes the role of semantic constraints in inducing inferences about sensitive information. In this phase we also introduce a graph-based approach able to enumerate all indirect accesses that could lead to accessing sensitive information. In order to deal with the previously detected indirect accesses, we introduce the reconfiguration phase, which provides two solutions. The first solution could be implemented at design time; the second could be implemented at runtime.
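The propagation and detection phases described above, as an added example that is not the thesis's own code: it assumes that a source policy is the set of attributes the source prohibits, that a mapping relates source attributes to the mediator's global attributes, and that the semantic constraints are functional dependencies; it also lets derived attributes feed further dependencies, so multi-step inference channels are found as well as single-step ones. All sample data is constructed.

```python
# Added illustration of the propagation and detection phases; not the thesis's code.
# Assumptions: a source policy is the set of attributes it prohibits, a mapping
# relates source attributes to global ones, and semantic constraints are
# functional dependencies (FDs) over global attributes. All data is constructed.

SOURCES = {
    "hospital": {"mapping": {"pid": "patient_id", "diag": "diagnosis", "zip": "zip"},
                 "prohibited": {"diag"}},
    "insurer": {"mapping": {"client": "patient_id", "plan": "plan", "fee": "premium"},
                "prohibited": {"fee"}},
}

# Semantic constraints at the mediator level, as FDs (lhs -> rhs).
CONSTRAINTS = [
    (frozenset({"plan"}), frozenset({"diagnosis"})),
    (frozenset({"zip", "diagnosis"}), frozenset({"premium"})),
]

def propagate(sources):
    """Propagation phase: preliminary mediator policy as (authorized, prohibited).
    An attribute prohibited by any source stays prohibited at the mediator."""
    global_attrs, prohibited = set(), set()
    for src in sources.values():
        global_attrs.update(src["mapping"].values())
        prohibited.update(src["mapping"][a] for a in src["prohibited"])
    return global_attrs - prohibited, prohibited

def detect(authorized, constraints):
    """Detection phase: reachability over the dependency graph (nodes are
    attributes, each FD links its lhs to every rhs attribute). Returns
    {derived_attr: lhs_used}; derived attributes feed later FDs, so
    multi-step channels are found as well."""
    known, channels = set(authorized), {}
    changed = True
    while changed:
        changed = False
        for lhs, rhs in constraints:
            if lhs <= known:
                for attr in rhs - known:
                    known.add(attr)
                    channels[attr] = lhs
                    changed = True
    return channels

def indirect_accesses(sources, constraints):
    """Prohibited global attributes that are nevertheless inferable."""
    authorized, prohibited = propagate(sources)
    channels = detect(authorized, constraints)
    return {a: lhs for a, lhs in channels.items() if a in prohibited}

for attr, lhs in indirect_accesses(SOURCES, CONSTRAINTS).items():
    print(f"{attr} is indirectly accessible via {sorted(lhs)}")
```

Each reported channel is an input to the reconfiguration phase: the mediator policy must be tightened before it is deployed, since the propagated policy alone still exposes `diagnosis` through `plan` and, transitively, `premium`.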
