Access control and inference problem in data integration systems. (Problème d'inférence et contrôle d'accès dans les systèmes d'intégration de données)

In this thesis we are interested in controlling access to a data integration system. In a data integration system, a mediator is defined; this mediator aims at providing a unique entry point to several heterogeneous sources. In this kind of architecture, security aspects, and access control in particular, represent a major challenge. Indeed, every source, designed independently of the others, defines its own access control policy. The problem is then: "How to define a representative policy at the mediator level that preserves the sources' policies?" Preserving the sources' policies means that an access prohibited at the source level should also be prohibited at the mediator level. The policy of the mediator also needs to protect data against indirect accesses. An indirect access occurs when one could synthesize sensitive information from the combination of non-sensitive information and semantic constraints. Detecting all indirect accesses in a given system is referred to as the inference problem. In this manuscript, we propose an incremental methodology able to tackle the inference problem in a data integration context. This methodology has three phases. The first phase, the propagation phase, combines the source policies and thereby generates a preliminary policy at the mediator level. The second phase, the detection phase, characterizes the role of semantic constraints in inducing inferences about sensitive information. In this phase we also introduce a graph-based approach able to enumerate all indirect accesses that could lead to sensitive information. In order to deal with the indirect accesses detected in the previous phase, we introduce the reconfiguration phase, which provides two solutions: the first can be implemented at design time, the second at runtime.
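The three phases described above, as an added toy example (not code from the thesis): source policies are propagated conservatively to a mediator policy, semantic constraints are modelled as functional dependencies forming a directed hypergraph over the mediator's attributes (modelling them as functional dependencies is an assumption of this example), inference channels are enumerated by computing reachability in that hypergraph, and the two reconfiguration options are shown as a design-time revocation and a runtime session monitor. All sources, roles, attributes and constraints below are constructed for illustration.

```python
"""Toy model of propagation, detection and reconfiguration at a mediator.
Constructed data throughout; 'semantic constraints' are functional
dependencies (an assumption of this example), written as (lhs, rhs):
a user who holds every attribute in lhs can derive every attribute in rhs."""

# Constructed sources: the attributes each exposes and its per-role allow-list.
SOURCES = {
    "hr":      {"attrs": {"emp_id", "name", "dept", "salary"},
                "policy": {"analyst": {"emp_id", "name", "dept"}}},
    "payroll": {"attrs": {"emp_id", "grade", "pay_band", "salary"},
                "policy": {"analyst": {"emp_id", "grade"}}},
}
# Constructed constraints over the mediator schema (a directed hypergraph).
FDS = [({"emp_id", "grade"}, {"pay_band"}),
       ({"pay_band", "dept"}, {"salary"})]


def propagate(sources, role):
    """Propagation phase: an attribute is allowed at the mediator only if
    every source holding it allows it for the role, so a prohibition at any
    single source is preserved at the mediator. Returns (allowed, forbidden)."""
    allowed, forbidden = set(), set()
    for src in sources.values():
        granted = src["policy"].get(role, set())  # unknown role: nothing granted
        allowed |= granted
        forbidden |= src["attrs"] - granted
    return allowed - forbidden, forbidden


def closure(attrs, fds):
    """Attributes reachable from `attrs` in the dependency hypergraph."""
    reach, fired = set(attrs), True
    while fired:
        fired = False
        for lhs, rhs in fds:
            if lhs <= reach and not rhs <= reach:
                reach |= rhs
                fired = True
    return reach


def detect(allowed, forbidden, fds):
    """Detection phase: enumerate the inference channels, i.e. the constraints
    that fire from the allowed attributes (directly or through earlier
    constraints) and yield a prohibited attribute, in the order they fire."""
    reach, channels, fired = set(allowed), [], True
    while fired:
        fired = False
        for lhs, rhs in fds:
            if lhs <= reach and not rhs <= reach:
                reach |= rhs
                fired = True
                if rhs & forbidden:
                    channels.append((frozenset(lhs), frozenset(rhs)))
    return channels


def reconfigure_design_time(allowed, forbidden, fds):
    """Design-time solution: revoke mediator-level grants until no prohibited
    attribute is derivable. Greedy: drop the grant whose removal leaves the
    fewest derivable prohibited attributes. Returns (new_allowed, revoked)."""
    allowed, revoked = set(allowed), set()
    while closure(allowed, fds) & forbidden:
        def leak(attr):
            return len(closure(allowed - {attr}, fds) & forbidden)
        victim = min(sorted(allowed), key=leak)
        allowed.discard(victim)
        revoked.add(victim)
    return allowed, revoked


class SessionMonitor:
    """Runtime solution: keep the propagated grants but track what a session
    has already obtained and refuse any request that, combined with that
    history, would complete an inference channel to a prohibited attribute."""

    def __init__(self, allowed, forbidden, fds):
        self.allowed, self.forbidden, self.fds = allowed, forbidden, fds
        self.seen = set()

    def request(self, attrs):
        attrs = set(attrs)
        if not attrs <= self.allowed:
            return False  # direct access to a prohibited attribute
        if closure(self.seen | attrs, self.fds) & self.forbidden:
            return False  # would complete an indirect access
        self.seen |= attrs
        return True


if __name__ == "__main__":
    allowed, forbidden = propagate(SOURCES, "analyst")
    print("mediator policy for analyst:", sorted(allowed), "forbidden:", sorted(forbidden))
    for lhs, rhs in detect(allowed, forbidden, FDS):
        print("channel:", sorted(lhs), "->", sorted(rhs))
    print("design-time revocation:", reconfigure_design_time(allowed, forbidden, FDS)[1])
    m = SessionMonitor(allowed, forbidden, FDS)
    print("runtime:", [m.request({"name", "dept"}), m.request({"emp_id"}), m.request({"grade"})])
```

In the constructed policy the analyst may read `emp_id`, `name`, `dept` and `grade`, none of which is sensitive on its own, yet the two constraints chain to `salary`; the detection phase reports both steps of that chain, the design-time option finds that revoking one grant (here `emp_id`) closes it, and the runtime monitor instead lets the first two requests through and refuses the third, which would have completed it.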
