nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Exact Detection of Information Leakage in Database Access Control

verfasst von : Farid Alborzi, Rada Chirkova, Ting Yu

Erschienen in: Big Data Analytics and Knowledge Discovery

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing fine-grained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them in centralized systems or in the cloud.

In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel A Graph-Based Concept Discovery Method for n-Ary Relations

The intuition is that tuple patterns occuring over S constrain tuple patterns over T.

Weakly acyclic dependencies [6] are types of tuple- and equality-generating integrity constraints that commonly occur in practice and have nice formal properties.

A ground data set is a data set without null values.

Abiteboul, S., Duschka, O.: Complexity of answering queries using materialized views. In: PODS, pp. 254–263 (1998)

Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, Reading (1995)MATH

Agrawal, R., Bayardo Jr., R.J., Faloutsos, C., Kiernan, J., Rantzau, R., Srikant, R.: Auditing compliance with a hippocratic database. In: VLDB, pp. 516–527 (2004)

Al-Shaer, E., Hamed, H., Boutaba, R., Hasan, M.: Conflict classification and analysis of distributed firewall policies. IEEE JSAC 23(10), 2069–2084 (2005)

Ammann, P., Sandhu, R.S.: Safety analysis for the extended schematic protection model. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 87–97 (1991)

Barcelo, P.: Logical foundations of relational data exchange. SIGMOD Rec. 38(1), 49–58 (2009)CrossRef

Bertino, E., Ghinita, G., Kamra, A.: Access control for databases: concepts and systems. Found. Trends Databases 3(1–2), 1–148 (2011)

Biskup, J., Bonatti, P.A.: Controlled query evaluation for known policies by combining lying and refusal. Ann. Math. Artif. Intell. 40(1–2), 37–62 (2004)MathSciNetCrossRefMATH

Bond, R., See, K.Y.-K., Wong, C.K.M., Chan, Y.-K.H.: Understanding DB2 9 Security. IBM Press, Indianapolis (2006)

10.

Brodsky, A., Farkas, C., Jajodia, S.: Secure databases: constraints, inference channels, and monitoring disclosures. IEEE TKDE 12(6), 900–919 (2000)

11.

Chandra, A., Merlin, P.: Optimal implementation of conjunctive queries in relational data bases. In: STOC, pp. 77–90 (1977)

12.

Chen, B.-C., Kifer, D., LeFevre, K., Machanavajjhala, A.: Privacy-preserving data publishing. Found. Trends Databases 2(1–2), 1–167 (2009)CrossRef

13.

Chirkova, R., Yu, T.: Detecting information leakage in database access control with help from data exchange. Technical report (which is not a publication) TR-2013-1, NCSU (2013). http://www.csc.ncsu.edu/research/tech/reports.php

14.

Deutsch, A.: XML query reformulation over mixed and redundant storage. Ph.D. thesis, Univ. Pennsylvania (2002)

15.

Deutsch, A., Nash, A., Remmel, J.: The chase revisited. In: PODS, pp. 149–158 (2008)

16.

Deutsch, A., Tannen, V.: Optimization properties for classes of conjunctive regular path queries. In: Ghelli, G., Grahne, G. (eds.) DBPL 2001. LNCS, vol. 2397, pp. 21–39. Springer, Heidelberg (2002) CrossRef

17.

Domingo-Ferrer, J. (ed.): Inference Control in Statistical Databases. LNCS, vol. 2316. Springer, Heidelberg (2002)

18.

Fagin, R., Kolaitis, P., Miller, R., Popa, L.: Data exchange: semantics and query answering. Theor. Comput. Sci. 336(1), 89–124 (2005)MathSciNetCrossRefMATH

19.

Fuxman, A., Kolaitis, P.G., Miller, R.J., Tan, W.-C.: Peer data exchange. ACM TODS 31(4), 1454–1498 (2006)CrossRef

20.

Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Comm. ACM 19, 461–471 (1976)MathSciNetCrossRefMATH

21.

Kabra, G., Ramamurthy, R., Sudarshan, S.: Redundancy and information leakage in finite-grained access control. In: ACM SIGMOD Conference, pp. 133–144 (2006)

22.

Li, N., Winsborough, W.H., Mitchell, J.C.: Beyond proof-of-compliance: safety and availability analysis in trust management. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 123–139 (2003)

23.

Miklau, G., Suciu, D.: A formal analysis of information disclosure in data exchange. JCSS 73(3), 507–534 (2007)MathSciNetMATH

24.

Motwani, R., Nabar, S., Thomas, D.: Auditing SQL queries. In: ICDE 2008 (2008)

25.

The Virtual Private Database in Oracle9iR2. An Oracle White Paper (2002)

26.

Stoffel, K., Studer, T.: Provable data privacy. In: Andersen, K.V., Debenham, J., Wagner, R. (eds.) DEXA 2005. LNCS, vol. 3588, pp. 324–332. Springer, Heidelberg (2005) CrossRef

27.

Zhang, X., Ozsoyoglu, M.: Implication and referential constraints: a new formal reasoning. IEEE TKDE 9(6), 894–910 (1997)

28.

Zhang, Z., Mendelzon, A.O.: Authorization views and conditional query containment. In: Eiter, T., Libkin, L. (eds.) ICDT 2005. LNCS, vol. 3363, pp. 259–273. Springer, Heidelberg (2005) CrossRef

Titel: Exact Detection of Information Leakage in Database Access Control
verfasst von: Farid Alborzi
Rada Chirkova
Ting Yu
Verlag: Springer International Publishing
Buch: Big Data Analytics and Knowledge Discovery
Print ISBN: 978-3-319-22728-3

Electronic ISBN: 978-3-319-22729-0

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-22729-0_31

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"