TY - GEN
T1 - Exact detection of information leakage in database access control
AU - Alborzi, Farid
AU - Chirkova, Rada
AU - Yu, Ting
N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.
PY - 2015
Y1 - 2015
N2 - Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing fine-grained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them in centralized systems or in the cloud. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration.
AB - Elaborate security policies often require organizations to restrict user data access in a fine-grained manner, instead of traditional table- or column-level access control. Not surprisingly, managing fine-grained access control in software is rather challenging. In particular, if access is not configured carefully, information leakage may happen: Users may infer sensitive information through the data explicitly accessible to them in centralized systems or in the cloud. In this paper we formalize this information-leakage problem, by modeling sensitive information as answers to “secret queries,” and by modeling access-control rules as views. We focus on the scenario where sensitive information can be deterministically derived by adversaries. We review a natural data-exchange based inference model for detecting information leakage, and show its capabilities and limitation. We then introduce and formally study a new inference model, view-verified data exchange, that overcomes the limitation for the query language under consideration.
KW - Data exchange
KW - Privacy and security in cloud intelligence
UR - https://www.scopus.com/pages/publications/84943642587
U2 - 10.1007/978-3-319-22729-0_31
DO - 10.1007/978-3-319-22729-0_31
M3 - Conference contribution
AN - SCOPUS:84943642587
SN - 9783319227283
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 403
EP - 415
BT - Big Data Analytics and Knowledge Discovery - 17th International Conference, DaWaK 2015, Proceedings
A2 - Hara, Takahiro
A2 - Madria, Sanjay
PB - Springer Verlag
T2 - 17th International Conference on Big Data Analytics and Knowledge Discovery, DaWaK 2015
Y2 - 1 September 2015 through 4 September 2015
ER -