Enabling Collaborative Data Authorization Between Enterprise Clouds

Secure Cloud Computing

Abstract

We consider a collaborative enterprise computing environment where a group of enterprises or parties maintain their own relational databases to which they allow restricted access to other parties. The access is regulated by means of a set of authorization rules that may be defined using relational calculus, including joins over relations from multiple parties. In this chapter, we provide an overview of the issues that arise in such an environment and some solutions. In particular, since individual parties are likely to formulate the rules in a somewhat piecemeal manner, the rules may be mutually inconsistent or inadequate to answer the desired queries. We address the issues of detecting inconsistencies and methods for fixing them. We also discuss the question of enforceability (or adequacy) of the rules. When rules, as given, are not enforceable, we can either augment the access rights or employ trusted third parties to perform unenforceable operations. We also address the issue of handling dynamic changes to rules. Finally, we consider the problem of generating efficient query plans in this environment.



Corresponding author

Correspondence to Meixing Le.

Copyright information

© 2014 Springer Science+Business Media New York

About this chapter

Cite this chapter

Le, M., Kant, K., Jajodia, S. (2014). Enabling Collaborative Data Authorization Between Enterprise Clouds. In: Jajodia, S., Kant, K., Samarati, P., Singhal, A., Swarup, V., Wang, C. (eds) Secure Cloud Computing. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-9278-8_7

  • DOI: https://doi.org/10.1007/978-1-4614-9278-8_7

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-9277-1

  • Online ISBN: 978-1-4614-9278-8

  • eBook Packages: Computer Science, Computer Science (R0)
