Skip to main content
SpringerLink
Log in

Access Control for Data Integration in Presence of Data Dependencies

  • Conference paper
Database Systems for Advanced Applications (DASFAA 2014)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 8422))

Included in the following conference series:

Abstract

Defining access control policies in a data integration scenario is a challenging task. In such a scenario typically each source specifies its local access control policy and cannot anticipate data inferences that can arise when data is integrated at the mediator level. Inferences, e.g., using functional dependencies, can allow malicious users to obtain, at the mediator level, prohibited information by linking multiple queries and thus violating the local policies. In this paper, we propose a framework, i.e., a methodology and a set of algorithms, to prevent such violations. First, we use a graph-based approach to identify sets of queries, called violating transactions, and then we propose an approach to forbid the execution of those transactions by identifying additional access control rules that should be added to the mediator. We also state the complexity of the algorithms and discuss a set of experiments we conducted by using both real and synthetic datasets. Tests also confirm the complexity and upper bounds in worst-case scenarios of the proposed algorithms.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abiteboul, S., Hull, R., Vianu, V.: Foundations of databases, vol. 8. Addison-Wesley, Reading (1995)

    MATH  Google Scholar 

  2. Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep a secret: A distributed architecture for secure database services. In: CIDR 2005 (2005)

    Google Scholar 

  3. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: VLDB 2002, pp. 143–154 (2002)

    Google Scholar 

  4. Armellin, G., Betti, D., Casati, F., Chiasera, A., Martinez, G., Stevovic, J.: Privacy preserving event driven integration for interoperating social and health systems. In: Jonker, W., Petković, M. (eds.) SDM 2010. LNCS, vol. 6358, pp. 54–69. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  5. Armstrong, W.W.: Dependency structures of data base relationships. In: IFIP Congress 1974, pp. 580–583 (1974)

    Google Scholar 

  6. Bache, K., Lichman, M.: UCI machine learning repository (2013)

    Google Scholar 

  7. Bertino, E., Jajodia, S., Samarati, P.: Supporting multiple access control policies in database systems. In: IEEE Symp. on Security and Privacy, pp. 94–107 (1996)

    Google Scholar 

  8. Bertossi, A.A.: Dominating sets for split and bipartite graphs. Inf. Process. Lett. 19(1), 37–40 (1984)

    Article  MATH  MathSciNet  Google Scholar 

  9. Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: Constraints, inference channels, and monitoring disclosures. TKDE 2000 12(6), 900–919 (2000)

    Google Scholar 

  10. Chen, B.-C., Le Fevre, K., Ramakrishnan, R.: Privacy skyline: Privacy with multidimensional adversarial knowledge. In: VLDB 2007, pp. 770–781 (2007)

    Google Scholar 

  11. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Keep a few: Outsourcing data while maintaining confidentiality. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 440–455. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  12. De di Capitani Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Assessing query privileges via safe and efficient permission composition. In: CCS 2008, pp. 311–322 (2008)

    Google Scholar 

  13. Delugach, H.S., Hinke, T.H.: Wizard: A database inference analysis and detection system. IEEE Trans. on Knowl. and Data Engineering 8(1), 56–66 (1996)

    Article  Google Scholar 

  14. di Vimercati, S.D.C., Samarati, P.: Authorization specification and enforcement in federated database systems. J. Comput. Secur. 5(2), 155–188 (1997)

    Google Scholar 

  15. Farkas, C., Jajodia, S.: The inference problem: A survey. ACM SIGKDD Explorations Newsletter 4(2), 6–11 (2002)

    Article  Google Scholar 

  16. Fung, B.C.M., Wang, K., Chen, R., Yu, P.S.: Privacy-preserving data publishing: A survey of recent developments. ACM Comput. Surv. 42(4), 14:1–14:53 (2010)

    Google Scholar 

  17. Haddad, M., Hacid, M.-S., Laurini, R.: Data integration in presence of authorization policies. In: IEEE 11th Int. Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 92–99 (2012)

    Google Scholar 

  18. Haddad, M., Stevovic, J., Chiasera, A., Velegrakis, Y., Hacid, M.-S.: Access control for data integration project homepage (2013), http://disi.unitn.it/%7estevovic/acfordi.html

  19. Hastie, T.J., Tibshirani, R.J.: Generalized additive models. Chapman & Hall, London (1990)

    MATH  Google Scholar 

  20. Huhtala, Y., Kärkkäinen, J., Porkka, P., Toivonen, H.: Tane: An efficient algorithm for discovering functional and approximate dependencies. The Computer Journal 42(2), 100–111 (1999)

    Article  MATH  Google Scholar 

  21. Le, M., Kant, K., Jajodia, S.: Cooperative data access in multi-cloud environments. In: Li, Y. (ed.) DBSec. LNCS, vol. 6818, pp. 14–28. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  22. Lenzerini, M.: Data integration: A theoretical perspective. In: Proc. of the Symp. on Principles of Database Systems, pp. 233–246 (2002)

    Google Scholar 

  23. Levene, M., Loizou, G.: A guided tour of relational databases and beyond. Springer (1999)

    Google Scholar 

  24. Martin, D.J., Kifer, D., Machanavajjhala, A., Gehrke, J., Halpern, J.Y.: Worst-case background knowledge in privacy. In: ICDE, pp. 126–135 (2007)

    Google Scholar 

  25. Sheth, A.P., Larson, J.A.: Federated database systems for managing distributed, heterogeneous, and autonomous databases. ACM Comput. Surv. 22(3), 183–236 (1990)

    Article  Google Scholar 

  26. Su, T.-A., Özsoyoglu, G.: Data dependencies and inference control in multilevel relational database systems. In: IEEE S. on Sec. and Privacy, pp. 202–211 (1987)

    Google Scholar 

  27. Thuraisingham, M.: Security checking in relational database management systems augmented with inference engines. Computers & Security 6(6), 479–492 (1987)

    Article  Google Scholar 

  28. Wang, H(W.), Liu, R.: Privacy-preserving publishing data with full functional dependencies. In: Kitagawa, H., Ishikawa, Y., Li, Q., Watanabe, C. (eds.) DASFAA 2010. LNCS, vol. 5982, pp. 176–183. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. INSA-Lyon, CNRS, LIRIS, UMR5205, F-69621, France

    Mehdi Haddad

  2. Information Engineering and Computer Science, University of Trento, Italy

    Jovan Stevovic & Yannis Velegrakis

  3. Centro Ricerche GPI, Trento, Italy

    Jovan Stevovic & Annamaria Chiasera

  4. Université Lyon 1, CNRS, LIRIS, UMR5205, F-69622, France

    Mohand-Saïd Hacid

Authors
  1. Mehdi Haddad
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jovan Stevovic
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Annamaria Chiasera
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yannis Velegrakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mohand-Saïd Hacid
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computer Engineering, Nanyang Technological University, 50 Nanyang Avenue, 639798, Singapore, Singapore

    Sourav S. Bhowmick

  2. Department of Computer Science, Utah State University, Old Main Hill, 4205, 84322-4205, Logan, UT, USA

    Curtis E. Dyreson

  3. Department of Computer Science, Aalborg University, Selma Lagerløfs Vej, 300, 9220, Aalborg Øst, Denmark

    Christian S. Jensen

  4. Department of Computer Science, National University of Singapore, 13 Computing Drive, 117417, Singapore, Singapore

    Mong Li Lee

  5. Department of Computer Science, Udayana University, Jl. Kampus Unud Jimbaran Bali, 80364, Badung, Bali, Indonesia

    Agus Muliantara

  6. Information Systems Engineering, Christian-Albrechts-Universität zu Kiel, Olshausenstrasse 40, 24098, Kiel, Germany

    Bernhard Thalheim

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Haddad, M., Stevovic, J., Chiasera, A., Velegrakis, Y., Hacid, MS. (2014). Access Control for Data Integration in Presence of Data Dependencies. In: Bhowmick, S.S., Dyreson, C.E., Jensen, C.S., Lee, M.L., Muliantara, A., Thalheim, B. (eds) Database Systems for Advanced Applications. DASFAA 2014. Lecture Notes in Computer Science, vol 8422. Springer, Cham. https://doi.org/10.1007/978-3-319-05813-9_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-05813-9_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-05812-2

  • Online ISBN: 978-3-319-05813-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation