A Policy Framework for Data Fusion and Derived Data Control

Recent years have seen an exponential growth of the collection and processing of data from heterogeneous sources for a variety of purposes. Several methods and techniques have been proposed to transform and fuse data into "useful" information. However, the security aspects concerning the fusion of sensitive data are often overlooked. This paper investigates the problem of data fusion and derived data control. In particular, we identify the requirements for regulating the fusion process and eliciting restrictions on the access and usage of derived data. Based on these requirements, we propose an attribute-based policy framework to control the fusion of data from different information sources and under the control of different authorities. The framework comprises two types of policies: access control policies, which define the authorizations governing the resources used in the fusion process, and fusion policies, which define constraints on allowed fusion processes. We also discuss how such policies can be obtained for derived data.
