Enabling Collaborative Data Authorization Between Enterprise Clouds

  • Meixing Le
  • Krishna Kant
  • Sushil Jajodia


We consider a collaborative enterprise computing environment where a group of enterprises or parties maintain their own relational databases to which they allow restricted access to other parties. The access is regulated by means of a set of authorization rules that may be defined using relational calculus, including joins over relations from multiple parties. In this chapter, we provide an overview of the issues that arise in such an environment and some solutions. In particular, since individual parties are likely to formulate the rules in a somewhat piecemeal manner, the rules may be mutually inconsistent or inadequate to answer the desired queries. We address the issues of detecting inconsistencies and methods for fixing them. We also discuss the question of enforceability (or adequacy) of the rules. When rules, as given, are not enforceable, we can either augment the access rights or employ trusted third parties to perform unenforceable operations. We also address the issue of handling dynamic changes to rules. Finally, we consider the problem of generating efficient query plans in this environment.


Data Owner Private Cloud Query Plan Third Party Authorization Rule 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    G. Aggarwal, M. Bawa, P. Ganesan, and etc. Two can keep A secret: A distributed architecture for secure database services. In CIDR 2005, pages 186–199.Google Scholar
  2. 2.
    R. Agrawal, D. Asonov, M. Kantarcioglu, and Y. Li. Sovereign joins. In, ICDE 2006, 3–8 April 2006, Atlanta, GA, USA, page 26, 2006.Google Scholar
  3. 3.
    A. V. Aho, C. Beeri, and J. D. Ullman. The theory of joins in relational databases. ACM Transactions on Database Systems, 4(3):297–314, 1979.CrossRefGoogle Scholar
  4. 4.
    E. Al-Shaer, A. El-Atawy, and T. Samak. Automated pseudo-live testing of firewall config- uration enforcement. IEEE Journal on Selected Areas in Communications, 27(3):302–314, 2009.CrossRefGoogle Scholar
  5. 5.
    P. A. Bernstein, N. Goodman, E. Wong, C. L. Reeve, and J. B. Rothnie, Jr. Query processing in a system for distributed databases (SDD-1). ACM Transactions on Database Systems, 6(4):602–625, Dec. 1981.CrossRefzbMATHGoogle Scholar
  6. 6.
    A. Cali and D. Martinenghi. Querying data under access limitations. In ICDE 2008, April 7–12, 2008, Cancun, Mexico, pages 50–59, 2008.Google Scholar
  7. 7.
    S. De Capitani di Vimercati, S.Foresti, S.Jajodia, S.Paraboschi, and P.Samarati. Keep a few: Outsourcing data while maintaining confidentiality. In ESORICS 2009, pages 440–455.Google Scholar
  8. 8.
    R. Pottinger and A. Y. Halevy. Minicon: A scalable algorithm for answering queries using views. VLDB Journal, 10(2–3):182–198, 2001.zbMATHGoogle Scholar
  9. 9.
    M. Le, K. Kant, and S. Jajodia. Access rule consistency in cooperative data access environment. In 8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, 2012.Google Scholar
  10. 10.
    M. Le, K. Kant, and S. Jajodia. Rule configuration checking in secure cooperative data access. In 5th Symposium on Configuration Analytics and Automation (SafeConfig), 2012.Google Scholar
  11. 11.
    M. Le, K. Kant, and S. Jajodia. Rule enforcement with third parties in secure cooperative data access. In 27th IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec), 2013.Google Scholar
  12. 12.
    A. Wool. A quantitative study of firewall configuration errors. IEEE Computer, 37(6):62–67, 2004.CrossRefGoogle Scholar
  13. 13.
    S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Assessing query privileges via safe and efficient permission composition. In CCS 2008, Virginia, USA, October 27–31, 2008.Google Scholar
  14. 14.
    S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Controlled information sharing in collaborative distributed query processing. In ICDCS 2008, Beijing, China, June 2008.Google Scholar
  15. 15.
    J. Goldstein and P. Larson. Optimizing queries using materialized views: A practical, scalable solution. In SIGMOD 2001, pages 331–342.Google Scholar
  16. 16.
    A. Y. Halevy. Answering queries using views: A survey. VLDB Journal,10(4):270–294,2001.Google Scholar
  17. 17.
    D. Kossmann. The state of the art in distributed query processing. ACM Comput. Survey, 32(4):422–469, 2000.CrossRefGoogle Scholar
  18. 18.
    C. Li. Computing complete answers to queries in the presence of limited access patterns. VLDB Journal, 12(3):211–227, 2003.CrossRefGoogle Scholar
  19. 19.
    K. Hoffman, D. Zage, and C. Nita-Rotaru, A survey of attack and defense techniques for reputation systems, ACM Computing Surveys (CSUR), vol. 42, no. 1, p. 1, 2009.Google Scholar
  20. 20.
    M. Le, K. Kant, and S. Jajodia. Consistent query plan generation in secure cooperative data access. Under submission.
  21. 21.
    R. K. Ko, P. Jagadpramana, M. Mowbray, S. Pearson, M. Kirchberg, Q. Liang, and B. S. Lee, Trustcloud: A framework for accountability and trust in cloud computing, in Services (SERVICES), 2011 IEEE World Congress on, 2011, pp. 584–588.Google Scholar
  22. 22.
    J. Buchmann, E. Dahmen, E. Klintsevich, K. Okeya, and C. Vuillaume, Merkle signa- tures with virtually unlimited signature capacity, in Applied Cryptography and Net- work Security, 2007, pp. 31–45.Google Scholar
  23. 23.
    C. Wang, Q. Wang, K. Ren, and W. Lou, Privacy-preserving public auditing for data storage security in cloud computing, in INFOCOM, 2010 Proceedings IEEE, 2010, pp. 1–9.Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.Center for Secure Information SystemsGeorge Mason UniversityFairfaxUSA

Personalised recommendations