Abstract
Defining access control policies in a data integration scenario is a challenging task. In such a scenario typically each source specifies its local access control policy and cannot anticipate data inferences that can arise when data is integrated at the mediator level. Inferences, e.g., using functional dependencies, can allow malicious users to obtain, at the mediator level, prohibited information by linking multiple queries and thus violating the local policies. In this paper, we propose a framework, i.e., a methodology and a set of algorithms, to prevent such violations. First, we use a graph-based approach to identify sets of queries, called violating transactions, and then we propose an approach to forbid the execution of those transactions by identifying additional access control rules that should be added to the mediator. We also state the complexity of the algorithms and discuss a set of experiments we conducted by using both real and synthetic datasets. Tests also confirm the complexity and upper bounds in worst-case scenarios of the proposed algorithms.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abiteboul, S., Hull, R., Vianu, V.: Foundations of databases, vol. 8. Addison-Wesley, Reading (1995)
Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep a secret: A distributed architecture for secure database services. In: CIDR 2005 (2005)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: VLDB 2002, pp. 143–154 (2002)
Armellin, G., Betti, D., Casati, F., Chiasera, A., Martinez, G., Stevovic, J.: Privacy preserving event driven integration for interoperating social and health systems. In: Jonker, W., Petković, M. (eds.) SDM 2010. LNCS, vol. 6358, pp. 54–69. Springer, Heidelberg (2010)
Armstrong, W.W.: Dependency structures of data base relationships. In: IFIP Congress 1974, pp. 580–583 (1974)
Bache, K., Lichman, M.: UCI machine learning repository (2013)
Bertino, E., Jajodia, S., Samarati, P.: Supporting multiple access control policies in database systems. In: IEEE Symp. on Security and Privacy, pp. 94–107 (1996)
Bertossi, A.A.: Dominating sets for split and bipartite graphs. Inf. Process. Lett. 19(1), 37–40 (1984)
Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: Constraints, inference channels, and monitoring disclosures. TKDE 2000 12(6), 900–919 (2000)
Chen, B.-C., Le Fevre, K., Ramakrishnan, R.: Privacy skyline: Privacy with multidimensional adversarial knowledge. In: VLDB 2007, pp. 770–781 (2007)
Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Keep a few: Outsourcing data while maintaining confidentiality. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 440–455. Springer, Heidelberg (2009)
De di Capitani Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Assessing query privileges via safe and efficient permission composition. In: CCS 2008, pp. 311–322 (2008)
Delugach, H.S., Hinke, T.H.: Wizard: A database inference analysis and detection system. IEEE Trans. on Knowl. and Data Engineering 8(1), 56–66 (1996)
di Vimercati, S.D.C., Samarati, P.: Authorization specification and enforcement in federated database systems. J. Comput. Secur. 5(2), 155–188 (1997)
Farkas, C., Jajodia, S.: The inference problem: A survey. ACM SIGKDD Explorations Newsletter 4(2), 6–11 (2002)
Fung, B.C.M., Wang, K., Chen, R., Yu, P.S.: Privacy-preserving data publishing: A survey of recent developments. ACM Comput. Surv. 42(4), 14:1–14:53 (2010)
Haddad, M., Hacid, M.-S., Laurini, R.: Data integration in presence of authorization policies. In: IEEE 11th Int. Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 92–99 (2012)
Haddad, M., Stevovic, J., Chiasera, A., Velegrakis, Y., Hacid, M.-S.: Access control for data integration project homepage (2013), http://disi.unitn.it/%7estevovic/acfordi.html
Hastie, T.J., Tibshirani, R.J.: Generalized additive models. Chapman & Hall, London (1990)
Huhtala, Y., Kärkkäinen, J., Porkka, P., Toivonen, H.: Tane: An efficient algorithm for discovering functional and approximate dependencies. The Computer Journal 42(2), 100–111 (1999)
Le, M., Kant, K., Jajodia, S.: Cooperative data access in multi-cloud environments. In: Li, Y. (ed.) DBSec. LNCS, vol. 6818, pp. 14–28. Springer, Heidelberg (2011)
Lenzerini, M.: Data integration: A theoretical perspective. In: Proc. of the Symp. on Principles of Database Systems, pp. 233–246 (2002)
Levene, M., Loizou, G.: A guided tour of relational databases and beyond. Springer (1999)
Martin, D.J., Kifer, D., Machanavajjhala, A., Gehrke, J., Halpern, J.Y.: Worst-case background knowledge in privacy. In: ICDE, pp. 126–135 (2007)
Sheth, A.P., Larson, J.A.: Federated database systems for managing distributed, heterogeneous, and autonomous databases. ACM Comput. Surv. 22(3), 183–236 (1990)
Su, T.-A., Özsoyoglu, G.: Data dependencies and inference control in multilevel relational database systems. In: IEEE S. on Sec. and Privacy, pp. 202–211 (1987)
Thuraisingham, M.: Security checking in relational database management systems augmented with inference engines. Computers & Security 6(6), 479–492 (1987)
Wang, H(W.), Liu, R.: Privacy-preserving publishing data with full functional dependencies. In: Kitagawa, H., Ishikawa, Y., Li, Q., Watanabe, C. (eds.) DASFAA 2010. LNCS, vol. 5982, pp. 176–183. Springer, Heidelberg (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Haddad, M., Stevovic, J., Chiasera, A., Velegrakis, Y., Hacid, MS. (2014). Access Control for Data Integration in Presence of Data Dependencies. In: Bhowmick, S.S., Dyreson, C.E., Jensen, C.S., Lee, M.L., Muliantara, A., Thalheim, B. (eds) Database Systems for Advanced Applications. DASFAA 2014. Lecture Notes in Computer Science, vol 8422. Springer, Cham. https://doi.org/10.1007/978-3-319-05813-9_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-05813-9_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05812-2
Online ISBN: 978-3-319-05813-9
eBook Packages: Computer ScienceComputer Science (R0)