Data Integration in Presence of Authorization Policies

Information is increasingly stored across distributed sources. Simple access to the information in these sources requires a single access point. Data integration methods are designed to provide this kind of access by allowing a mediator to be specified between the users and the sources. From an access control point of view, the question is how to specify access control for a system built on top of distributed data sources. Each source specifies and enforces its own policies, so access control enforced at the mediator level has to preserve the local access controls of the sources. In this paper, we investigate an approach for deriving (i.e., factorizing) the access control policies that should be attached and enforced at the mediator level. The proposed approach is illustrated on the relational data model as a reference framework. The approach ensures that the local policies are preserved at the mediator level.
