A FCA framework for inference control in data integration systems

Specifying a global access control policy in a data integration system using traditional methods does not necessarily offer a sound and efficient solution to the inference problem. This is because data dependencies (between distributed data sets) are not taken into account when local policies are defined. In this paper, we propose a methodology, together with a set of algorithms, that can help to efficiently detect inferences by considering semantic constraints. The proposed approach is based on formal concept analysis (FCA) as a representation framework. Given a set of local policies, an initial global policy and data dependencies, we propose a methodology that allows the security administrator to derive a set of queries that, combined, could disclose sensitive information. Such a set of queries is said to constitute an inference channel. We use FCA theories to identify the illegal queries known as disclosure transactions. Then, we propose a run-time solution for neutralizing all suspicious queries while ensuring a trade-off between data protection and data availability. By combining prime numbers with lattice theory, we keep traces of the previously executed queries so that inferences are blocked at run-time. We also discuss a set of experiments that we conducted.
