Consistency and enforcement of access rules in cooperative data sharing environment

In this paper we consider the situation where a set of enterprises need to collaborate to provide rich services to their clients. An enterprise may need information from several other collaborating parties to satisfy its business requirements. Such collaboration often requires controlled access to one another’s data, which we assume is stored in standard relational form. We assume that a set of access rules is given to the parties to regulate the data sharing, and that these rules are defined over join operations on the relational data. The access rules are expected to be designed according to the business needs of the involved enterprises, and although some negotiation between them will be involved, only a comprehensive analysis of the rules can uncover all issues of consistency between rules and of their adequacy in answering the authorized queries (which we call enforceability). In this paper, we provide such an analysis, together with algorithms for checking and removing inconsistency, checking rule enforceability, and minimally updating the rules to ensure enforceability whenever possible using only the existing parties. The involvement of specialized third parties for consistency and enforcement purposes is not addressed in this paper.
