Enabling Collaborative Data Authorization Between Enterprise Clouds

We consider a collaborative enterprise computing environment where a group of enterprises or parties maintain their own relational databases to which they allow restricted access to other parties. The access is regulated by means of a set of authorization rules that may be defined using relational calculus, including joins over relations from multiple parties. In this chapter, we provide an overview of the issues that arise in such an environment and some solutions. In particular, since individual parties are likely to formulate the rules in a somewhat piecemeal manner, the rules may be mutually inconsistent or inadequate to answer the desired queries. We address the issues of detecting inconsistencies and methods for fixing them. We also discuss the question of enforceability (or adequacy) of the rules. When rules, as given, are not enforceable, we can either augment the access rights or employ trusted third parties to perform unenforceable operations. We also address the issue of handling dynamic changes to rules. Finally, we consider the problem of generating efficient query plans in this environment.

[1]  Alfred V. Aho,et al.  The theory of joins in relational databases , 1979, ACM Trans. Database Syst..

[2]  Donald Kossmann,et al.  The state of the art in distributed query processing , 2000, CSUR.

[3]  Sushil Jajodia,et al.  Assessing query privileges via safe and efficient permission composition , 2008, CCS.

[4]  Alon Y. Halevy,et al.  MiniCon: A scalable algorithm for answering queries using views , 2000, The VLDB Journal.

[5]  Sushil Jajodia,et al.  Keep a Few: Outsourcing Data While Maintaining Confidentiality , 2009, ESORICS.

[6]  Sushil Jajodia,et al.  Controlled Information Sharing in Collaborative Distributed Query Processing , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[7]  Johannes A. Buchmann,et al.  Merkle Signatures with Virtually Unlimited Signature Capacity , 2007, ACNS.

[8]  Murat Kantarcioglu,et al.  Sovereign Joins , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[9]  Eugene Wong,et al.  Query processing in a system for distributed databases (SDD-1) , 1981, TODS.

[10]  Cristina Nita-Rotaru,et al.  A survey of attack and defense techniques for reputation systems , 2009, CSUR.

[11]  Sushil Jajodia,et al.  Rule Configuration Checking in Secure Cooperative Data Access , 2012, SafeConfig.

[12]  Jonathan Goldstein,et al.  Optimizing queries using materialized views: a practical, scalable solution , 2001, SIGMOD '01.

[13]  Ehab Al-Shaer,et al.  Automated pseudo-live testing of firewall configuration enforcement , 2009, IEEE Journal on Selected Areas in Communications.

[14]  Sushil Jajodia,et al.  Consistent Query Plan Generation in Secure Cooperative Data Access , 2014, DBSec.

[15]  Sushil Jajodia,et al.  Rule Enforcement with Third Parties in Secure Cooperative Data Access , 2013, DBSec.

[16]  Alon Y. Halevy,et al.  Answering queries using views: A survey , 2001, The VLDB Journal.

[17]  Bu-Sung Lee,et al.  TrustCloud: A Framework for Accountability and Trust in Cloud Computing , 2011, 2011 IEEE World Congress on Services.

[18]  Andrea Calì,et al.  Querying Data under Access Limitations , 2008, 2008 IEEE 24th International Conference on Data Engineering.

[19]  Avishai Wool,et al.  A quantitative study of firewall configuration errors , 2004, Computer.

[20]  Cong Wang,et al.  Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[21]  Chen Li,et al.  Computing complete answers to queries in the presence of limited access patterns , 2003, The VLDB Journal.

[22]  Rajeev Motwani,et al.  Two Can Keep A Secret: A Distributed Architecture for Secure Database Services , 2005, CIDR.

[23]  Sushil Jajodia,et al.  Access rule consistency in cooperative data access environment , 2012, 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom).